Search - "logfile"
Waaaay too many but let's go with this one for now.
At my previous job there was a web application which was generating about 1gb of log data a second. Server was full and the 'fullstack engineers' we called had zero clue about backend stuff and couldn't fix it.
Me and another engineer worked our asses off to figure this out but eventually the logging stopped and it went back to normal.
For that moment. I was the on-call server engineer and at like 3am I got called awake because this shit was happening again.
Sleep drunk with my phone I ssh'd into the server, not sure about what to do at first but then suddenly: let's chattr the goddamn log file...
$ chattr +i /var/log/logfile
Bam, worked, done, back to sleep.
(this command + param marks the file in a way that it can only be read until the mark is removed, so you can't write to it or move it or remove it or whatever)
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 months since I got it.
As I didn't know much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. It took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪
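Added example, not part of the original post: a small triage script for the two log signals this rant describes, an accepted root login from an unfamiliar address and a source flooding the log with failed logins. The sample lines are constructed in OpenSSH's syslog message format, and `TRUSTED_IPS` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; TRUSTED_IPS is a hypothetical allowlist of your own addresses.
TRUSTED_IPS="192.0.2.10"

# Constructed sample lines in OpenSSH's syslog message format.
sample_log() {
cat <<'EOF'
Mar  3 02:11:40 vps sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 02:11:43 vps sshd[811]: Failed password for root from 203.0.113.5 port 40114 ssh2
Mar  3 02:11:47 vps sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Mar  3 02:12:02 vps sshd[820]: Accepted password for root from 203.0.113.5 port 40131 ssh2
Mar  3 09:30:15 vps sshd[990]: Accepted publickey for root from 192.0.2.10 port 51515 ssh2
Mar  3 10:01:00 vps sshd[1002]: Failed password for deploy from 198.51.100.7 port 33000 ssh2
EOF
}

# Print "ALERT <ip> <method>" for each accepted root login from an
# address that is not in TRUSTED_IPS. Reads log lines on stdin.
unexpected_root_logins() {
    awk -v trusted="$TRUSTED_IPS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        / sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i + 5 <= NF; i++)
                if ($i == "Accepted" && $(i + 2) == "for" && $(i + 4) == "from") {
                    if ($(i + 3) == "root" && !($(i + 5) in ok))
                        print "ALERT", $(i + 5), $(i + 1)
                    break
                }
        }'
}

# Print "<count> <ip>" for every source with at least $1 failed password
# attempts, busiest first. Reads log lines on stdin.
failed_login_sources() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password / {
            ip = ""
            # The last "from" token wins, so a username "from" cannot spoof it.
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -rn
}

sample_log | unexpected_root_logins
sample_log | failed_login_sources 3
```

On a real host the functions would read the SSH log on stdin instead of `sample_log`; the path differs by distribution.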
I made a bash script for my website that anonymises the visitor IPs in the Awstats logs by replacing the last octet with 0. It can either process all logfiles except the one of the current month, or only the one of the previous month. The latter mode is how I put it in a cron job to be called on the first day of each month.
Everything worked flawlessly with test data, but on the server, some visitor IPs were not anonymised. I noticed that all of them were from the last day of the previous month. Looking at the time stamp of the logfile, it was indeed from the first of the current month, but not from 00:21 where my cron job runs - instead, it was modified around 14:30.
Then I realised that the Awstats engine seems to be configured to batch add the log entries once per day at 14:30 so that when my cron job ran, the visitor data from between 14:30 and 00:00 were not yet in the file!
Solution: batch process all previous logfiles once to clean them up, and schedule the cron job on the 2nd of each month at 00:21.
How you define seniority in a corporation is beyond me.
This guy is supposed to be Tier3, literally "advanced technical support". Taking care of network boxes, which are more or less linux servers. The most knowledgeable person on the topic, when Tier1 screws something and it's not BAU/Tier2 can't fix it.
In the past hour he:
- attempted to 'cd' to a file and wondered why he got an error
- has no idea how to spell 'md5sum'
- syntax for 'cp' command had to be spelled out to him letter by letter
- has only a vague idea how SSH key setup works (can do it only if somebody prepares him the commands)
- was confused how to 'grep' a string from a logfile
This is not something new and fancy he had no time to learn yet. These things have been the same for the past 20-30 years. I used to feel sorry for US guys getting fired due to their work being outsourced to us but that is no longer the case. Our average IT college drop-out could handle maintenance better than some of these people.
Well, what the fuck man? This shit AGAIN? Aah, maybe something's wrong with my stupid fucking batch OH NO WAIT ITS FINE. ITS ALL FINE.
Hmmm, I left HIPS on paranoid mode, right, right. Maybe it's blocking cmd and screwing me over. Those *.bat fuckers over at temp were giving me the jeevies, but that's all clean now so I can turn it off. Let's try pushing now...
GRANDEUSLY SEASONED SHIT STEAKS, JUST WHAT THE FUCK IS GOING ON HERE?! Do I even have access to the interwebz? YES I DO. Alright, alright, let's just fucking terminate and kill EVERYTHING so there's no process left to cockblock me.
AAARRHRHRHH WHY WHY WHY WHY!!! I DON'T KNOW WHO BUT I'M GOING TO KILL SOMEBODY. I'LL... wait a minute. What is this? OH WHAT THE ACTUAL FUCK. What kind of DEGENERATE would DEFILE my init script like THIS? ALL INSTANCES OF THIS SHELL ARE OUTPUTTING TO A LOGFILE BURIED DEEP WITHIN THE ASSCRACKS OF C:\URMOMx86 WHILE RUNNING SOME GIBBERISH INTERPRETER AND... ooooh... that's MY interpreter. So it was ME ALL ALONG.
WELP, no time to commit fucking harakiri so let's just undo this and push.
Aah, it's like finally taking that one huge dump at the end of the day. All in a day's work. And who knows what brew of stupidity I'll cook up next to screw myself over in unforeseeable ways? ITS FINE. ITS ALL FINE. I CAN FIX IT. I'm an EXPERT in STUPID FUCKUPS. QUALITY service, GUARANTEE. I'LL OVERCLOCK THE SHIT OUT OF YOUR MICROPROCESSOR BABY. WINK WINK.
Currently I have to develop a Verilog Module. Somehow there seems to be a bug in my environment and once I start the compile process this fucking compiler hangs for a solid 30 minutes or longer and I don't even get an output. It just stops with an Error that says I shall check the logfile, but it is empty.
I spent half a day trying to figure out why the app on the staging server does not log in the app log file while it does on the dev server.
Server log said log config file found but could not find the root logger.
Problem was that the directory was readable for the app, but not the logfile configuration file.
Dear devs, when a file is not readable that might be some interesting information one could write into a log. AT LEAST MORE INTERESTING THAN "APPLICATION STARTING..."
How does one convert an .img system image for Android to the format readable by Heimdall on Linux... Only thing I found so far requires Windows... Why make Heimdall if you need Windows anyway to make the image... Just use Odin on Windows then... Any ideas? Don't have Windows... And all I need is to read a bloody logfile (btsnoop_hci.log). Thanks, "secure" Android Oreo!!!