Category Archives: Ubuntu

osquery

This week Facebook open sourced a project called osquery, which offers the ability to access low-level operating system information through simple SQL queries (more precisely, SQL as understood by SQLite). More information on how to navigate the tables can be found on the GitHub page.

To build and install osquery on Linux (in my case Ubuntu 14.04 LTS):

git clone https://github.com/facebook/osquery
cd osquery
make deps
make

Testing the project: make test

Deploying and running it: make install

make deps takes care of installing everything you need to compile osquery.

If your sources.list contains errors, make deps will end with errors and osquery will not be installed, because the required packages are not available. Therefore make sure that your package lists are up to date and that sources.list produces no errors: sudo apt-get update (also sudo apt-get upgrade). In case of errors, you can fix sources.list by editing it: sudo gedit /etc/apt/sources.list

Here is another good tutorial on installing and using osquery.

Install MariaDB on Ubuntu 10.04 “Lucid Lynx”

The easiest way to install a fresh version of MariaDB is through the OurDelta package. First add the repository to your system:

wget -O- http://ourdelta.org/deb/ourdelta.gpg | sudo apt-key add -
sudo wget http://ourdelta.org/deb/sources/lucid-mariadb-ourdelta.list \
  -O /etc/apt/sources.list.d/ourdelta.list

Afterwards, don't forget to fetch the new lists with:

$ sudo aptitude update

Then install MariaDB with:

$ sudo apt-get install mariadb-server-5.1

In my case I was missing some dependencies, so I had to run

$ sudo apt-get -f install

which additionally installed mariadb-server-core-5.1 and then all the other packages.

Set ulimit parameters on Ubuntu

By default the number of open files per user in Ubuntu 8.04 is 1024. In my case this number was too small, so I had to increase it. This is done with the ulimit command:

$ ulimit -a        # show all current limits
$ ulimit -n        # show the number of open files
$ ulimit -n 9000   # set the number of open files to 9000

The problem with this approach is that the limit is only set for the current terminal session and user. If you open a new tab and type ulimit -a again, you will see that the number of open files is 1024. This means that after a reboot you'll need to set the parameter again.

First, in order to set these options automatically, you have to edit the /etc/security/limits.conf file.

$ sudo gedit /etc/security/limits.conf    # open the file in gedit

In this file, # marks a commented-out line and the wildcard * means all users. We need to set the nofile option, which is the maximum number of open files. If you want to change the number of open files for a user, add these lines to limits.conf:

user  soft  nofile 9000

user  hard  nofile 65000

If you want to set nofile only for the superuser, write root instead of user.

root soft  nofile 9000

root hard  nofile 65000

Second, you have to add a line to the /etc/pam.d/common-session file:

$ sudo gedit /etc/pam.d/common-session    # open the file in gedit

Then add the line:

session required pam_limits.so

Now, after rebooting, running ulimit -a in the terminal shows the change.

The wildcard * option didn't work for me, because I used the root account to run my programs and the wildcard option doesn't affect the superuser.

Remark: Using the same steps you should be able to set and change other parameters (core file size, max user processes, stack size, ...) from the ulimit options.
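
The lookup described above, as an added example that is not part of the original post: a small shell check that resolves which nofile value applies to a user from limits.conf-style text, including the rule that * entries never apply to root, and confirms that pam_limits.so is loaded. The function names effective_limit and pam_limits_enabled and the sample entries (alice, bob) are made up for illustration; @group entries are ignored as a simplification.

```bash
#!/bin/sh
# Added example, not from the original post. Simplification (assumption):
# only user-name and "*" domains are handled; @group entries are ignored.

# Constructed sample limits.conf content (alice and bob are made-up users).
SAMPLE_LIMITS='# <domain> <type> <item> <value>
*      soft  nofile  9000
*      hard  nofile  65000
alice  soft  nofile  20000
bob    -     nofile  4096
'

# effective_limit USER TYPE ITEM   (limits.conf text on stdin)
# Prints the value pam_limits would pick, or "default" if no line applies.
effective_limit() {
    awk -v user="$1" -v type="$2" -v item="$3" '
        NF == 0 || $1 ~ /^#/        { next }   # blank line or comment
        NF < 4 || $3 != item        { next }
        $2 != type && $2 != "-"     { next }   # "-" sets both soft and hard
        $1 == user                  { exact = $4 }  # explicit user entry wins
        $1 == "*" && user != "root" { wild = $4 }   # "*" never applies to root
        END {
            if (exact != "")     print exact
            else if (wild != "") print wild
            else                 print "default"
        }'
}

# pam_limits_enabled   (PAM config text on stdin)
# Succeeds when an uncommented session line loads pam_limits.so.
pam_limits_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_limits\.so'
}

# Demo on the constructed sample: root ignores the "*" lines.
for u in root alice bob carol; do
    for t in soft hard; do
        printf '%-5s %s nofile = %s\n' "$u" "$t" \
            "$(printf '%s' "$SAMPLE_LIMITS" | effective_limit "$u" "$t" nofile)"
    done
done
```

On a real system, feed the functions /etc/security/limits.conf and /etc/pam.d/common-session, the two files edited above.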
