Showing posts with label readingroom. Show all posts

Sunday, March 30, 2008

Sysadmin Sunday: Subversion

Sorry for the recent lack of Sysadmin Sunday posts. I don't always have good Sysadmin content thought up. Sometimes I do, but I don't have time to actually set up an environment to demonstrate it. Sometimes I don't even have time to get around to writing much of anything.

So, we're back this week with a tutorial on setting up Subversion, a revision control system that, in my opinion, is much better and more user-friendly than other revision control systems (such as CVS). You'll see me (and many others) casually use "SVN" when referencing Subversion. You can use Subversion to synchronize directories (folders) across different workstations, to collaborate on changes to large documentation or programming projects, or simply to have a revision control and change rollback system for your files. It works with binary and text files, but can take up a lot of hard drive space on the server for large or frequently changing data sets.

Installation
How you install Subversion depends on the platform and the package management system available. I am installing Subversion on Ubuntu Gutsy Gibbon Server Edition. Here, it's as simple as:
$ sudo apt-get install subversion

On FreeBSD 6.3, I got it installed using pkg_add as well, with no problems.
$ sudo pkg_add -r subversion

Subversion packages are available for many platforms, but if you wish to build it from source, the documentation is quite good.

HiR Reading Room
Of particular note is the O'Reilly and Associates book: Version Control with Subversion. It is free and open source, so it's also available to read in its entirety on the web. I personally liked it enough that I bought the paperback book, as I dealt with subversion on a daily basis at my last full-time job. If you'll be doing a lot with Subversion, this is a great book to have around as a reference guide.

Please note that I'm not dealing with any encryption whatsoever, so you should probably make sure that your svn server isn't accessible from the Internet. Being behind a private firewall or cheap router will work for testing this at home. Read the book for information on securing SVN with ssh or using better authentication options. There's even a web-based SVN Server, which allows your users to browse the repository with a browser while using all of the flexibility and authentication modules at Apache web server's disposal. All of that and plenty more is covered in this book.

Starting svnserve
First, make a directory to keep the repositories in. A repository is simply a directory on the SVN server where data is stored. I chose /var/svn/repositories.
$ sudo mkdir -p /var/svn/repositories

Then, we need to start our svnserve daemon. As I mentioned before, there are several ways to run SVN. Just starting a vanilla svnserve daemon is the easiest way but not always the best way. For the purposes of this demonstration, I will keep it simple.

Place "svnserve -d -r /var/svn/repositories" (or whatever repository root you chose) in the startup scripts, usually in /etc/rc.local. Either reboot, or run "[sudo] svnserve -d -r /var/svn/repositories" from the command line to start it. This restricts svn to exporting only the contents of /var/svn/repositories.

Your first repository
Let's set up our first repository. On the SVN Server, run the following. You may choose whatever you wish for the repository name, but it has to be under the repository root you defined when you started svnserve.
$ sudo svnadmin create /var/svn/repositories/hir-test/

You should create a username and a password by editing the "svnserve.conf" and "passwd" files in the "conf" directory under the repository you just created. Keep in mind that passwords are all in plaintext for this example. It's not really the best way to do things, but it is the simplest.

$ vi /var/svn/repositories/hir-test/conf/svnserve.conf
Un-comment the following lines:
anon-access = read
auth-access = write
password-db = passwd


$ vi /var/svn/repositories/hir-test/conf/passwd
Add a line like the following to the end of the file to define your username and password:
axon = setecastronomy
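
A quick way to check a repository for the shortcuts taken above (anonymous read access, and a plaintext password file that other local accounts can read). This is an added example, not part of the original post: the function names conf_value and audit_repo, the demo directory and the sample user are assumptions, and it relies on svnserve defaulting to anon-access = read when that line is left commented out.

```shell
#!/bin/sh
# Added example: audit one repository's conf/ directory for the shortcuts
# taken in this walkthrough. Prints findings; returns 1 if any WARN is raised.

# conf_value FILE KEY: value of the last un-commented "KEY = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_repo() {
    conf="$1/conf/svnserve.conf"; rc=0
    [ -f "$conf" ] || { echo "ERROR: $conf not found"; return 2; }

    # svnserve falls back to anon-access = read when the line is commented out.
    anon=$(conf_value "$conf" anon-access)
    if [ "${anon:-read}" != "none" ]; then
        echo "WARN: anon-access = ${anon:-read}: anyone who can reach svnserve can read this repository"
        rc=1
    fi

    # password-db names a plaintext "user = password" file, relative to conf/.
    db=$(conf_value "$conf" password-db)
    if [ -n "$db" ]; then
        case "$db" in /*) pw="$db" ;; *) pw="$1/conf/$db" ;; esac
        echo "NOTE: $pw holds passwords in plaintext"
        # World-readable means every local account can read those passwords.
        if [ -n "$(find "$pw" -prune -perm -004 2>/dev/null)" ]; then
            echo "WARN: $pw is world-readable; restrict it with chmod 600"
            rc=1
        fi
    fi
    return "$rc"
}

# Constructed demo input: a throwaway conf/ directory using the post's settings.
demo=$(mktemp -d)
mkdir -p "$demo/conf"
printf '[general]\nanon-access = read\nauth-access = write\npassword-db = passwd\n' \
    > "$demo/conf/svnserve.conf"
printf '[users]\nexampleuser = examplepassword\n' > "$demo/conf/passwd"
chmod 644 "$demo/conf/passwd"
audit_repo "$demo" || echo "findings reported for $demo"
rm -rf "$demo"
```

On the server from this walkthrough the call would be audit_repo /var/svn/repositories/hir-test, run as a user that can read the conf directory.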

Now, go to a client computer (or simply access it locally but through the svn:// URL scheme) and use SVN to check out the repository:
[axon@floaty-fbsd ~]$ svn checkout svn://axon@192.168.0.108/hir-test/
[axon@floaty-fbsd ~]$ cd hir-test
[axon@floaty-fbsd ~/hir-test]$ ls -la

total 8
drwxr-xr-x 3 axon axon 512 Mar 29 21:37 .
drwxr-xr-x 20 axon axon 2560 Mar 29 21:38 ..
drwxr-xr-x 6 axon axon 512 Mar 29 21:37 .svn

Copy a file into the repository, or make a new file. Your choice. Then use "svn stat" to see the status of the files in the directory.
[axon@floaty-fbsd ~/hir-test]$ cp ~/internet-resume.doc .
[axon@floaty-fbsd ~/hir-test]$ svn stat
? internet-resume.doc

SVN doesn't recognize the file, hence the "?" before the file name. We must first add the file with "svn add":
[axon@floaty-fbsd ~/hir-test]$ svn add internet-resume.doc
A (bin) internet-resume.doc
[axon@floaty-fbsd ~/hir-test]$ svn stat
A internet-resume.doc

At this point, SVN is aware of the file, but it still hasn't uploaded it to the SVN server. If we go to another machine and check out the repository, it will still be empty. (Sorry, I used the DNS name in this example, but it's the same server as 192.168.0.108.)
axon@hosting:~$ svn checkout svn://axon@lampdev.labs.h-i-r.net/hir-test
Checked out revision 0.
axon@hosting:~$ cd hir-test/
axon@hosting:~/hir-test$ ls -la
total 12
drwxr-xr-x 3 axon axon 4096 2008-03-29 16:52 .
drwxr-xr-x 5 axon axon 4096 2008-03-29 16:52 ..
drwxr-xr-x 6 axon axon 4096 2008-03-29 16:52 .svn

Back on the client machine where we added the file, though, use "svn commit" to update the central repository on the SVN server. You should always commit with a message saying what changes were made. Use --message for that. It should then prompt for your password.

[axon@floaty-fbsd ~/hir-test]$ svn commit --message "added my resume"
Authentication realm: 2c608312-9cd3-44f0-b88e-356728a5cc35
Password for 'axon': setecastronomy (not shown on screen)
Adding (bin) internet-resume.doc
Transmitting file data .
Committed revision 1.

Now, whenever you check out the repository elsewhere, the files will be in sync. Use svn update to refresh your local repository to the latest version:
axon@hosting:~/hir-test$ svn update
A internet-resume.doc
Updated to revision 1.
axon@hosting:~/hir-test$ ls
internet-resume.doc

When you delete, copy or move files within a local copy of the repository, it's best (practically mandatory) to use svn delete (svn rm), svn copy (svn cp), and svn move (svn mv) for these tasks, respectively.

So far, we've covered the following commands for client machines. This should be enough to get you up and running.
svn checkout svn://[user@]host/repo-name - Checks out a local copy of the repository
svn update - Refreshes the local repository
svn add - Adds version control to new files in the local copy of the repository
svn commit --message "test message" - Updates the central repository
svn delete filename - remove a file from the local repository
svn rm filename - same as above
svn copy filename1 filename2 - make a copy of a file within the repo.
svn cp filename1 filename2 - same as above
svn move filename1 filename2 - move a file from one place to another in the repo.
svn mv filename1 filename2 - same as above

There is also a Windows shell extension available, called TortoiseSVN. This puts a TortoiseSVN menu in the list when you right-click while browsing files on Windows. From here, you can check out, update, add, commit and manipulate repositories right from within Windows.

Saturday, March 15, 2008

HiR Reading Room: Postfix: The Definitive Guide

Postfix is my favorite MTA right now. Various authentication and mail store options, a "security first" development cycle, and great performance are just a few of the reasons. Gone are the days of Sendmail. Qmail is feature-packed but kludgy (and I don't really care for djb's antics nor his hubris, so maybe it's a little personal). Postfix is king, as far as I'm concerned.

This 278-page guide is svelte, but remains packed with useful tips, configuration examples, and advice on Internet mail infrastructure. Whether you just want to build a mail server for yourself or a small company, or you're looking at revamping the way your corporate e-mail is handled, this book is worth a look.

You don't need to know a lot about MTAs in general to get started. I'd argue that intricate familiarity with Sendmail might even hurt you a little. You can get a ground-up lesson on mail infrastructure from Postfix: The Definitive Guide. A little functional UNIX knowledge is a bonus, though.

Tuesday, March 4, 2008

HiR Reading Room: AIX 5L Administration

While AIX 6.1 is the new hotness, it's mostly feature additions. If you know AIX 5, you can get around AIX 6 without a problem -- you just might be missing out on cool things like enhanced RBAC and workload partitions.

The writing, grammar and editing of this book leave a little bit to be desired, but the concepts covered in AIX 5L Administration are vitally important for any AIX sysadmin to be familiar with. This book is great for people who have a casual working knowledge of the UNIX command line (Linux, Solaris or BSD) who want to expand their horizons all the way up to seasoned intermediate AIX users, who will find new things and helpful tips within these pages.

I personally bought this book while I was job hunting. I had some rusty familiarity with AIX 4, but was looking at the prospect of landing a job that required working, functional knowledge of Solaris 8, Solaris 10, and AIX 5.3. It was a great refresher course for AIX, and gave me the information I needed to confidently blaze through a pre-employment AIX knowledge test. Now, more than a year later, this book sits next to my desk and is occasionally referenced when I need to do something on AIX that I'm not too familiar with.

Whether for reference, for job advancement, or for the fun of tinkering around with something new, this book comes highly recommended for anyone dealing with AIX, either daily or occasionally.

Tuesday, February 19, 2008

HiR Reading Room: Hakin9 Magazine

I picked up the most recent copy of Hakin9 magazine this week. As usual, it delivers some good content.

I first ran into Hakin9 at the local Borders Book Store when looking for Make magazine about a year ago. I usually subscribe to magazines I like, so you won't find me perusing the periodicals too often.

The first issues of Hakin9 I found were a little rough around the edges. I've mentioned Hakin9 in passing before, but it seems to be maturing (just a little bit). Of note, the overall grammar in the publication seems to be improved. This is partially, I'd suspect, because more writers seem to be from English-speaking countries.

Hakin9 always comes with a CD-ROM of goodies. For the past several issues, this has been Hakin9 Live, a slightly modified release of BackTrack 2 with some extra content related to the magazine. The most recent issue of Hakin9 Live comes with two decent video tutorials, some demonstration software, and simply by way of building on BackTrack 2, a LOT of security tools ready to use if you boot a system up from the CD. Both of the video demonstrations show how to use tools right from within BackTrack.

Additionally, this issue's hardcopy content is juicy. The article count is pretty low, but it makes up for it with a great level of detail, rich illustrations, and some epic profiles of big names in the industry: Gary McGraw -- who I mentioned a few weeks ago, and Eugene Kaspersky.

Always rounding out the pages are overviews of the extra software included on the CD, frequent book reviews, and product reviews and recommendations.

While Hakin9 obviously still carries a strong bias from the "Attack" side of things, it has enough defense-centric advice to keep it relevant to the task at hand for people in the information security biz. As such, it's never a bad thing for white hats to understand how the black hats think or what they're up to -- and we're all just various shades of grey anyways. There's obviously a verbose disclaimer about how the information within Hakin9's pages is for use on your private network and machines. We know. ;) I do think it's cool that they publish in several different languages, though.

Link:
Hakin9 - Hard Core IT Security Magazine (English)

Thursday, February 7, 2008

Exploiting Online Games

Kansas City native game hacker, tinkerer and developer Josh Kriegshauser discussed Greg Hoglund and Gary McGraw's book, Exploiting Online Games.  Josh is an old friend, former co-worker, and former classmate to various HiR writers.  He went from tinkering with Ultima Online while he was in school, to being a big name in the MMO industry in the last decade.  


I found Josh's discussion about the book interesting, and thought I'd share it here.  I'm definitely not a gamer in any sense of the word, but things like this interest me enough that I'm seriously considering picking up a copy.

Sunday, July 1, 2007

RIP, SysAdmin Magazine...

I received my copy of the August Issue of SysAdmin this week. The very first column of SysAdmin is always syslog, where the Editor in Chief -- currently Amber Ankerholz -- writes a short essay relevant to the current issue.

This latest issue's syslog has me saddened. It opens as follows:

This is the last issue of SysAdmin magazine that you will receive. The magazine is ceasing publication after this issue.


This is a really hard time for publishers and for print media in general. 2600: The Hacker Quarterly has repeatedly said that things are pretty tense, changing publishers and thus slightly changing the format and binding of the magazine itself. It's industry-wide, and smaller publications are victims of collateral damage, I'm afraid.

Unfortunately for those of us who read and enjoy SysAdmin, there really isn't anything else out there to take its place. Sure, there's a slew of Linux publications out there, but I personally don't use Linux all that often. On a daily basis, I use AIX, Solaris, OpenBSD, and Mac OS X. Also, with the market shifting Linux towards desktop focus, the world is a lot more interested in Ubuntu than it is in SLES, Red Hat Enterprise, or CentOS. Most Linux magazines are now focused on graphics, games, and productivity suites for Linux. That's definitely a far cry from the content in my beloved departed SysAdmin.

There are other magazines focused on security in general. 2600 comes to mind, but it covers more than just security -- often focusing on mischief or malice beyond the realm of the digital world. Hakin9 is published out of Poland, and the English version of their magazine is written in translated, slightly broken English. It resembles e-zines of old in writing style, which is great for nostalgia but terrible for clearly conveying information. I could name a few others, but they're also sorely lacking in UNIXish-specific systems and applications administration content.

So, a moment of silence for SysAdmin. RIP, Buddy. You will be missed.