Escalation is one type of flow.

Sometimes it helps to think about it in people terms starting at the beginning of the story



The package in wheezy backports dates from January 2014



There are many choices for enterprise monitoring, and you may already have server-level monitoring in place.

Where an individual process requires inspection over time, a simple monitoring script is an option.

One of the trade-offs that you must make when monitoring in detail is sample frequency.

Too frequent and you might cause more issues (large logs or other cruft).

Not frequent enough and you might miss the very thing you are trying to observe.

A basic Python script that logs every 2 minutes to sqlite can be found at the link shown next.

On a server with Python 2 available, and equipped with the process id you wish to monitor (from ps output), you might invoke the script as follows:

python ./ 1234

(where 1234 is the process id of your long-running process)

The script will run for 3 months or so, and samples at two minute intervals.

Killing the process being monitored will see the monitoring script exit also.

Bugzilla 4.2 will be end of life in November 2015, so if you are thinking of upgrading, then you might want to take a look at Bugzilla 5.0 (released in July).

You can follow the ‘Installation and Maintenance Guide’ at or use a configuration template.

If Ansible is your thing, then the repository at can be used to configure an Ubuntu server (dedicated or cloud).

In ~/hosts.list for Ansible give your server a name such as ‘myubuntu’
and then clone the repository using:

hg clone ssh://

From within the local cloned copy you should be able to see site.yml and then run the following:

ansible-playbook site.yml -i ~/hosts.list -u root -l myubuntu

A video demonstration of the automation is available as follows:

python -m unittest discover

…should work fine when you have set everything up with a bit of forethought

If you see the response ‘Ran 0 tests’, then try:

touch tests/

If you fail to create an empty in your tests folder, then Python (rightly) will not recognise it [ as a module ]

Rerun your discover command and if missing was holding you up, then you should now be further along.

Along the way you have just learned a little about project structure, and Python requirements generally for modularised code.

netstat grepping

grepping listening ports

Here (above) is an example of grepping the full list of ports shown as LISTEN

My example concentrates on port 80 (apache) or alternatives. Amend to fit your requirements.
Source at Bitbucket below:
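An added example, not the author's Bitbucket source: a filter for `netstat -antp` style output that reports LISTEN sockets on chosen ports and whether each is bound to loopback only. It compares the port as a whole field, so asking for 80 does not also match 8080 or 8000, and it handles the IPv6 `:::80` form; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads netstat -antp style output on stdin and prints
# "port scope pid/program" for LISTEN sockets on the ports given as arguments.
listeners_on() {
    awk -v want="$*" '
        BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) ports[p[i]] = 1 }
        $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)   # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port in ports) {
                # loopback-only listeners are not reachable from the network
                scope = (host == "127.0.0.1" || host == "::1") ? "local" : "exposed"
                print port, scope, $7
            }
        }'
}

# Constructed sample in the layout printed by netstat -antp on Linux.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1503/python
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      1620/node
tcp6       0      0 :::80                   :::*                    LISTEN      977/apache2
tcp        0      0 10.0.0.5:80             10.0.0.9:51514          ESTABLISHED 977/apache2
EOF
}

# Port 80 or the alternative 8080; on a live host: netstat -antp | listeners_on 80 8080
sample_netstat | listeners_on 80 8080
```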

One criticism of Windows was folks being encouraged (by websites) to download a custom .exe file to the Desktop and double-click it.

In response to this, a wave of security products and some access control changes put a stop to that.

Some users missed the convenience.

Could this ever happen on Linux / Unix?


Here is an extract from the install instructions for a Google publicised project:

curl -L | bash

Seems the nix community is in too great a hurry to put convenience before security.

I point out some of the reasons why not in the next section.

Internet pipe to Bash – why not?

To suggest such an install procedure is to ignore many of the security lessons from the past decade.

Possible risks 1: Fat fingered redirect

By advising the user to invoke curl with the -L flag, the developer is encouraging users to trust any locally coded redirection.

The reason curl advises of redirection is to allow the end user to verify any redirection themselves rather than trusting what redirection is entered at the remote site.

What would happen if a bogus redirect was inserted by mistake, or by a malicious insider? If it only happened for an hour would the company think it important enough to inform the developer population?

Possible risks 2: Shifting sands

Exactly how do you personally know that the code that was there yesterday is the same code as today?

Does it come in a package with checksums and a well understood inbuilt verification of checksum feature?

Can you manually download a verification checksum from a different mirror server than the actual code download?

Possible risks 3: Compromised server

Compromised servers are always a risk for any internet hosted software.

Hosting code through acceptance in a distribution like Debian or Red Hat allows a small company to leverage the infrastructure provided.

It also elevates untrusted software somewhat, due to the integration build process, QA review, and hosting infrastructure which such distributions provide.

Bitbucket, Gitorious, Google Code and GitHub offer some minor improvement over self-hosting a project yourself.

Then there are PyPI, CPAN, and other convenience collections, which whilst not offering massive assurance, at least mitigate the next problem described.

Possible risks 4: DNS hijack / redirection

DNS cache poisoning is all too common unfortunately.

Whilst this project is getting some backing from Google, it would be unwise to assume that it (and any mirrors?) employ DNSSEC to mitigate cache poisoning. If they did employ DNSSEC effectively, would that be on the original HTTP endpoint or the redirected HTTP endpoint?
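One way to address risks 1 to 3 above when a project only offers a pipe-to-shell installer, as an added example that is not from the article or the project it discusses: download without -L so a redirect is reported rather than followed, check the host, and verify a SHA-256 digest obtained from a separate source before anything is executed. The function names are hypothetical, URLs and digests are supplied by the caller, and `sha256sum` from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: fetch an installer to disk, surface redirects, verify a
# checksum, and only then let the user read and run it. Names are hypothetical.

# Print the Location value if the response headers on stdin are a 3xx.
redirect_target() {
    tr -d '\r' | awk '
        NR == 1 && $2 !~ /^3[0-9][0-9]$/ { exit }
        tolower($1) == "location:" { print $2; exit }'
}

# Succeed only if the URL is https and its host equals the expected host.
host_allowed() {
    case "$1" in
        https://*) host=${1#https://}; host=${host%%[/:?#]*} ;;
        *) return 1 ;;
    esac
    [ "$host" = "$2" ]
}

# Succeed only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Full flow. $1 = URL, $2 = expected host, $3 = SHA-256 from a separate source.
fetch_verified() {
    host_allowed "$1" "$2" || { echo "refusing $1" >&2; return 1; }
    next=$(curl -sSI "$1" | redirect_target)
    [ -z "$next" ] || { echo "redirects to $next; review it first" >&2; return 1; }
    tmp=$(mktemp) || return 1
    curl -sS -o "$tmp" "$1" || { rm -f "$tmp"; return 1; }
    verify_sha256 "$tmp" "$3" || { echo "checksum mismatch" >&2; rm -f "$tmp"; return 1; }
    echo "$tmp"   # verified copy on disk: read it, then run it with sh "$tmp"
}
```

The digest check only helps if the expected value comes from somewhere other than the server that serves the script, which is the point of the "different mirror" question under risk 2.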

Commentary and other examples:

In fairness to the developers, there are some additional install notes, and in particular there are some hints for Debian / Ubuntu folks that include this line:

sudo npm install -g yeoman

However, those install instructions also suggest at the start that you should still do an initial pipe bash, in case you had a previous install present.

Doing that initial pipe bash, then switching to more traditional package management techniques, does not mitigate any of the risks described earlier.

It may be that developers are being encouraged to do this sort of hacky curl stuff by seeing this entry from the npm site:

curl | sh

The observant amongst you will notice that there is no -L flag here, so strike off one of those risks listed earlier.

What comes after the pipe symbol ( | )? Does that make any difference from the other example?

That answer is left as an exercise for the reader.

Further examples (added after article first written):