Category Archives: Skill Level: Advanced


Openvpn revisited: Howto install and configure openvpn

wayno vpn from outside

Virtual Private Networks. They are useful, but they can also seem daunting. As I have learned more about VPNs since my first post, some 2 years ago, I thought we should revisit and update.

1. What’s the first thing we do? Why install openvpn of course!

REMOTE (HOST) Configuration


sudo apt-get install openvpn

2. Now we need to generate our secret key. This is used to authenticate a remote user trying to gain access. We will use openvpn itself to generate the secret key. NOTE: Debian, by default, does NOT include /usr/sbin in the PATH.

You can fully qualify it: /usr/sbin/openvpn

Or temporarily add it to the PATH variable: export PATH=$PATH:/sbin:/usr/sbin

Or just add:

export PATH=$PATH:/sbin:/usr/sbin

to .bashrc

If you add it to .bashrc, you will need to log out and back in again, so that the file is re-read.

Let’s generate that key! (The key below is named homer for the host, it can be anything)


openvpn --genkey --secret homer.key

Simple, huh?

3. Let’s move some files, and create the configuration file for openvpn.

first, let’s move our secret key file:


sudo cp homer.key /etc/openvpn/.

The period at the end, is significant. It says copy the file, right here.

4. Next is the configuration file. Using your favourite editor (nano in my case) create the
/etc/openvpn/openvpn.conf file as follows: Most of the explanations of the parameters come from here.


# Sample openvpn configuration file
# jjs June 6, 2012 V1.0
#
# annotated by Wayno April 26, 2014
#
# local specifies the address this host listens on
# (the port is set by the "port" line below)

local 192.168.1.101

# dev tun specifies that we are using a tunnel device

dev tun

# ifconfig tells ip address for the interface

ifconfig 192.168.224.253 192.168.224.254

# and the secret key name (in /etc/openvpn)

secret homer.key

# use port 5001 to connect to the vpn (OpenVPN's own default is 1194).
# This may require you to add this in your router.

port 5001
#port 1194

# if you want data compression

comp-lzo

# ping every 10 seconds, if no ping in 120 seconds, other side dead

keepalive 10 120

# ping timer starts after it receives a connection

ping-timer-rem

# don't recreate a virtual net interface TUN after automatic restart

persist-tun

# Don't read pre-shared static key file again after auto restart

persist-key

# user and group

user nobody
group nogroup

# after initialization, run in the background as a daemon

daemon

# append the /etc/openvpn/openvpn.log

log-append openvpn.log

5. Restart openvpn


sudo service openvpn restart

If you check /etc/openvpn/openvpn.log you will get something like this:

sudo cat openvpn.log
Tue Jun 24 20:00:39 2014 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Tue Jun 24 20:00:39 2014 TUN/TAP device tun0 opened
Tue Jun 24 20:00:39 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 24 20:00:39 2014 /sbin/ip link set dev tun0 up mtu 1500
Tue Jun 24 20:00:39 2014 /sbin/ip addr add dev tun0 local 192.168.224.253 peer 192.168.224.253
Tue Jun 24 20:00:39 2014 GID set to nogroup
Tue Jun 24 20:00:39 2014 UID set to nobody
Tue Jun 24 20:00:39 2014 UDPv4 link local (bound): [AF_INET]192.168.1.101:5001
Tue Jun 24 20:00:39 2014 UDPv4 link remote: [undef]
Tue Jun 24 20:00:44 2014 Peer Connection Initiated with [AF_INET]192.168.1.103:5001
Tue Jun 24 20:00:45 2014 Initialization Sequence Completed

6. Let’s see if it works?


ping -c 5 192.168.224.253

PING 192.168.224.253 (192.168.224.253) 56(84) bytes of data.
64 bytes from 192.168.224.253: icmp_req=1 ttl=64 time=0.033 ms
64 bytes from 192.168.224.253: icmp_req=2 ttl=64 time=0.041 ms
64 bytes from 192.168.224.253: icmp_req=3 ttl=64 time=0.030 ms
64 bytes from 192.168.224.253: icmp_req=4 ttl=64 time=0.041 ms
64 bytes from 192.168.224.253: icmp_req=5 ttl=64 time=0.040 ms

--- 192.168.224.253 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.030/0.037/0.041/0.004 ms

==================

1. Now the CLIENT configuration /etc/openvpn/client.conf:


#
# openvpn CLIENT configuration
#
# V1.0 by Wayno April 26, 2014

# remote specifies the ip address of the remote (host) openvpn

remote 192.168.1.101

# dev tun specifies that we are using a tunnel device

dev tun

# ifconfig tells ip address for the interface
# NOTE that the ifconfig ip's are BACKWARD from the host

ifconfig 192.168.224.254 192.168.224.253

# The name of the secret key we generated (it could be anyname)

secret homer.key

# use port 5001 (note you may need to open this up in your router
# and make sure it points to the remote (host))

port 5001

# if you want data compression

comp-lzo

# ping every 10 seconds, if no ping in 60 seconds, other side dead

keepalive 10 60

# ping timer starts after it receives a connection

ping-timer-rem

# don't recreate a virtual net interface TUN after automatic restart

persist-tun

# Don't read pre-shared static key file again after auto restart

persist-key

#user and group

user nobody
group nogroup

# after initialization, run in the background as a daemon

daemon

log-append openvpn.log

2. Ensure you copy the secret key over to /etc/openvpn on the client side. This assumes the key is already in your home folder:


sudo cp ~/homer.key /etc/openvpn/.

Note that the period (.) at the end IS significant.

3. And your output should look something like this:

sudo cat openvpn.log
Tue Jun 24 20:20:27 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Tue Jun 24 20:20:27 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jun 24 20:20:27 2014 LZO compression initialized
Tue Jun 24 20:20:27 2014 TUN/TAP device tun0 opened
Tue Jun 24 20:20:27 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 24 20:20:27 2014 /sbin/ifconfig tun0 192.168.224.254 pointopoint 192.168.224.253 mtu 1500
Tue Jun 24 20:20:27 2014 GID set to nogroup
Tue Jun 24 20:20:27 2014 UID set to nobody
Tue Jun 24 20:20:27 2014 UDPv4 link local (bound): [undef]
Tue Jun 24 20:20:27 2014 UDPv4 link remote: [AF_INET]192.168.1.101:5001
Tue Jun 24 20:20:27 2014 Peer Connection Initiated with [AF_INET]192.168.1.101:5001
Tue Jun 24 20:20:28 2014 Initialization Sequence Completed

4. ssh into the vpn

nwayno@Willy:~$ ssh 192.168.224.253
nwayno@192.168.224.253’s password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-29-generic x86_64)

* Documentation: https://help.ubuntu.com/

Last login: Tue Jun 24 20:40:04 2014 from 192.168.224.253
nwayno@Homer:~$


HDhomerun3 Product Review


With the arrival of the Digital Age, Silicon Dust has a niche market: For those people who want to free themselves from cable bills, Silicon Dust created a digital tuner which can easily be added to a computer network, allowing you to have your own Personal Video Recorder. One of its unique features is that it is a networked appliance, so any device on the network (with the proper software) can watch videos from virtually anywhere on the planet with a high-speed internet connection. It is compatible with Windows, Mac, and Linux.

The product does come with an installation disc for the Windows operating system. I chose to use the free open source Mythtv for Linux. Mythtv installation can be frightening. I required assistance from my friend Mike M. in the Kansas City area.

The installation went with a few hiccups, but the real challenge was just ahead. Configuration. That is more art than science. It required more thaumaturging (magic wand waving) than I would have liked. The biggest issue was that when I did the channel scans and then ran mythfilldatabase to update the logs, nothing happened! It turns out that you need to add the xmltv id. (See the highlighted red section. The xmltv id is just an index into a database that contains the channel-specific information. Zap2it is the easiest to use.)

channel

After that, I was watching tv for the first time! YaY!

All good things crashed last week. The digital tuner quit working. It would NOT tune any hidef channels, either over-the-air, or cable, even though my HDTV received them fine, either way.

The true mettle of a company is revealed when there are repair issues. The problems did not surface until day 31 of a 30 day return period. I am under the manufacturer’s 1 year warranty period now. What I found out…has been challenging. There is NO telephone number to call for Tech Support. It is all done by email via Fog Creek. Silicon Dust does NOT do their own Tech Support. It is done by a 3rd party vendor. Support is very slow, arduous and painful. You can expect 1 reply / day. It could take weeks to solve a simple problem. The embedded diagnostic software that phones home is operating system dependent, requiring the user to have Windows. For Linux users, this requirement is unacceptable. If a product is advertised as Linux compatible, then the diagnostic software should be available native to Linux, NOT Windows.

The email Tech Support, lack of native diagnostic software, the Windows requirement, and product reliability/durability give this product a 1.9 out of 5 rating. (C-)


Upgrading from Ubuntu 8.04 (lts) to Ubuntu 12.04 (lts)


On 03/26/2013 10:48 AM, wrote:

Sunday night I upgraded my server again – I had previously upgraded it from ubuntu 8.04 to 10.04, so I figured I’d go ahead and take it to 12.04 so it will be supported until 2017.

It all went smoothly. All I had to do to get the ball rolling was to type: ‘do-release-upgrade’ and the process began. Again, the box stayed up all through the upgrade, continued to serve dns and dhcp, routed nat traffic to the internet, and kept the vpns running.

When the upgrade was complete, I had to go to run level 6 to boot into the new kernel, so the system was down for about a minute while the reboot process ran its course.

When it came up, there was a problem with forwarding traffic to the internet. That was caused by a new /etc/sysctl.conf which didn’t have the ipv4 forwarding enabled. I fixed the file, typed “sysctl -p” to make the new setting take effect, and lan access to the internet was restored.

A bit later I noticed a second problem: wireless devices were not able to access the internet. I found that the dhcp server was not running. I tried starting it manually and it failed. Looking in the log, I could see that apparmor didn’t like the fancy things dhcpd was trying to do. Admittedly it’s a custom configuration, and the new version of dhcpd might require a few changes. At any rate, I just unloaded apparmor to get things up and running. Then dhcpd was able to start, and there were no other problems.

All in all, a smooth upgrade with a rather short outage.

Joe


How to install and configure openvpn (virtual private network) for Linux


Virtual Private Networks are a useful tool, to allow us to securely reach an isolated computer or network.

Yet, it requires more tweaking than one would imagine. So here’s a step by step guide on how I did it, with a LOT of help in understanding some of the key concepts, provided by my friend Joe, and protocol explanations from Darren of hak5.

1. What’s the first thing we do? Why install openvpn of course!


sudo apt-get install openvpn

2. Now we need to generate our secret key. This is used to authenticate a remote user trying to gain access. We will use openvpn itself to generate the secret key. NOTE: Debian, by default, does NOT include /usr/sbin in the PATH.

You can fully qualify it: /usr/sbin/openvpn

Or temporarily add it to the PATH variable: export PATH=$PATH:/sbin:/usr/sbin

Or just add:

export PATH=$PATH:/sbin:/usr/sbin

to .bashrc

If you add it to .bashrc, you will need to log out and back in again, so that the file is re-read.

Let’s generate that key!


openvpn --genkey --secret vpn.key

Simple, huh?

3. Let’s move some files, and create the configuration file for openvpn.

first, let’s move our secret key file:


sudo cp vpn.key /etc/openvpn/.

The period at the end, is significant. It says copy the file, right here.

4. Next is the configuration file. Using your favourite editor (nano in my case) create the
/etc/openvpn/openvpn.conf file as follows: Most of the explanations of the parameters come from here.


# Sample openvpn configuration file
# jjs June 6, 2012 V1.0
#
# annotated by Wayno
#
# remote specifies the address of the server

remote 172.229.15.5

# dev tun specifies that we are using a tunnel device

dev tun

# ifconfig tells ip address for the interface

ifconfig 192.168.224.253 192.168.224.254

# and the secret key name (in /etc/openvpn)

secret vpn.key

# use port 5001 to connect to the vpn (OpenVPN's own default is 1194).
# This may require you to add this in your router.

port 5001

# if you want data compression

comp-lzo

# ping every 10 seconds, if no ping in 120 seconds, other side dead

keepalive 10 120

# ping timer starts after it receives a connection

ping-timer-rem

# don't recreate a virtual net interface TUN after automatic restart

persist-tun

# Don't read pre-shared static key file again after auto restart

persist-key

# user and group

user nobody
group nogroup

# after initialization, run in the background as a daemon

daemon

# setup the route after ifconfig

route 192.168.111.0 255.255.255.0

# append the /etc/openvpn/openvpn.log

log-append openvpn.log

5. Restart openvpn


sudo service openvpn restart

If you check /etc/openvpn/openvpn.log you will get something like this:

sudo cat openvpn.log
Tue Oct 2 01:22:07 2012 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 21 2012
Tue Oct 2 01:22:07 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Oct 2 01:22:07 2012 /usr/sbin/openvpn-vulnkey -q vpn.key
Tue Oct 2 01:22:07 2012 WARNING: file 'vpn.key' is group or others accessible
Tue Oct 2 01:22:07 2012 LZO compression initialized
Tue Oct 2 01:22:07 2012 TUN/TAP device tun0 opened
Tue Oct 2 01:22:07 2012 /sbin/ifconfig tun0 192.168.224.253 pointopoint 192.168.224.254 mtu 1500
Tue Oct 2 01:22:07 2012 GID set to nogroup
Tue Oct 2 01:22:07 2012 UID set to nobody
Tue Oct 2 01:22:07 2012 UDPv4 link local (bound): [undef]
Tue Oct 2 01:22:07 2012 UDPv4 link remote: [AF_INET]72.200.67.229:5001
Tue Oct 2 01:22:07 2012 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 21 2012
Tue Oct 2 01:22:07 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Oct 2 01:22:07 2012 /usr/sbin/openvpn-vulnkey -q vpn.key
Tue Oct 2 01:22:07 2012 WARNING: file 'vpn.key' is group or others accessible
Tue Oct 2 01:22:07 2012 LZO compression initialized
Tue Oct 2 01:22:07 2012 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Tue Oct 2 01:22:07 2012 Exiting
Tue Oct 2 01:22:10 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Tue Oct 2 01:22:20 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Tue Oct 2 01:22:20 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)

6. Let’s see if it works?


ping -c 5 192.168.224.253

PING 192.168.224.253 (192.168.224.253) 56(84) bytes of data.
64 bytes from 192.168.224.253: icmp_req=1 ttl=64 time=0.033 ms
64 bytes from 192.168.224.253: icmp_req=2 ttl=64 time=0.041 ms
64 bytes from 192.168.224.253: icmp_req=3 ttl=64 time=0.030 ms
64 bytes from 192.168.224.253: icmp_req=4 ttl=64 time=0.041 ms
64 bytes from 192.168.224.253: icmp_req=5 ttl=64 time=0.040 ms

--- 192.168.224.253 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.030/0.037/0.041/0.004 ms
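
The 2012 log in step 5 records three separate conditions: the key file is readable by group or others, a second openvpn instance failed to bind the port, and the peer returned EHOSTUNREACH. The script below is an added example, not part of the original post; it flags those lines in a log and checks the key file copied in step 3 of both OpenVPN posts. The function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: flag the problem lines seen in the openvpn.log above and
# check the permissions of the static key. All names here are hypothetical.

# Excerpt of the 2012 log from the post, used as sample input.
sample_log() {
cat <<'EOF'
Tue Oct 2 01:22:07 2012 WARNING: file 'vpn.key' is group or others accessible
Tue Oct 2 01:22:07 2012 TUN/TAP device tun0 opened
Tue Oct 2 01:22:07 2012 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Tue Oct 2 01:22:07 2012 Exiting
Tue Oct 2 01:22:10 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
EOF
}

# Print one labelled finding per condition present in the log file $1.
triage_openvpn_log() {
    log=$1
    # The pre-shared key is the only credential in this setup, so any
    # local account that can read it can join or decrypt the tunnel.
    grep -q "WARNING: file .* is group or others accessible" "$log" &&
        echo "KEY_PERMS: key file readable by group/others"
    # A second daemon was started while the first still held the port.
    grep -q "Socket bind failed .* Address already in use" "$log" &&
        echo "PORT_IN_USE: another openvpn instance already bound the port"
    # The remote address or the router's port forward is not reachable.
    grep -q "EHOSTUNREACH" "$log" &&
        echo "PEER_UNREACHABLE: no route to the remote endpoint"
    # Healthy runs end with this line (see the 2014 logs).
    grep -q "Initialization Sequence Completed" "$log" &&
        echo "TUNNEL_UP: initialization completed"
    return 0
}

# Return 0 only if $1 is a static key file with no group/other access.
check_static_key() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key"; return 2; }
    grep -q -e '-----BEGIN OpenVPN Static key V1-----' "$key" ||
        { echo "no static key header in $key"; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$key" | cut -c5-10)
    if [ "$bits" = "------" ]; then
        echo "ok: $key is private to its owner"
    else
        echo "too open: $key (group/other bits: $bits); run: chmod 600 $key"
        return 1
    fi
}

# Demo on the excerpt; on a real host pass /etc/openvpn/openvpn.log.
demo_log=$(mktemp)
sample_log > "$demo_log"
triage_openvpn_log "$demo_log"
rm -f "$demo_log"
```

Run check_static_key against the key in /etc/openvpn on both ends after copying it; openvpn reads the key as root before dropping to nobody, so mode 600 owned by root is sufficient.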


How to: compile Pidgin Instant Messenger from source for Linux


Normally, compiling things from source code is pretty routine. I was having some problem with the old 2.7 version of the Pidgin Instant Messenger. People I deleted/removed kept resurrecting from the dead, like a vampire. (2.7 is what is in the repository for Debian Squeeze.)

1. So I grabbed the source code and started compiling. I learned that you need to install a package before starting the compile process.


sudo apt-get install intltool

intltool is an international translation tool

2. Before you get started, let’s remove all the old programmes.


sudo apt-get purge libpurple0

removing libpurple should remove all the pidgin libraries, and pidgin itself.

to check, you can do:


dpkg -l | grep -E '(libpurple)|(pidgin)'

dpkg -l lists all the installed packages
grep -E use extended regular expressions

That should just return a prompt. If it does NOT,
sudo apt-get remove whatever package it shows.

3. so we are ready to start. after you extract the source code, cd to the directory and configure. My configure line looked like this:


./configure --disable-screensaver --disable-gtkspell --disable-vv --disable-meanwhile --disable-avahi --disable-nm --disable-perl --disable-tcl

Let’s try to break this down.

--disable-screensaver – if you don’t need xscreensaver support, disable this.

--disable-gtkspell – if you do not use automatic spell correct, disable.

--disable-vv – if you do NOT need video/voice support disable.

--disable-meanwhile – if you do not need meanwhile (sametime) disable. No idea what that is.

--disable-avahi – if you do not need avahi support (looking for services like printers on localhost) disable

--disable-nm – if you do not need network manager support (guess I did not) disable

--disable-perl – if you do not need perl support, disable.

--disable-tcl – if you do not need tool command language (tcl) support, disable.

Whew. That’s a boatload of things to disable! (It is why I made this entry)

4. Compiling will take some time. So go take a break, get a c.r.b. (cool refreshing beverage), etc.


make

5. When it is all done compiling:


sudo make install

Enjoy the goodness!

Pidgin V 2.10.6


We’re re-hosting. We’re back, mostly


Well some calamities, Jane. Our old webhoster went down, and I needed to re-locate. So….I am back….almost.

Some of the pictures are missing, and wordpress needs some tweaking, but I alone survived to tell the tale.

If you were a subscriber, you will need to re-subscribe. Apologies, but I have no access to any of the old data. Fortunately, my wordpress backup was only a few days old. Didn’t lose any articles, just pictures, which can be re-added.

So I ask for your patience while I recover.

Your patience WILL be rewarded!

Wayno


A mini guide on converting from Ubuntu to Debian


How to convert from Ubuntu to Debian

This article will encompass a LOT of previous posts. This is NOT recommended for n00bs.

1. While you are downloading the Debian iso, it would be a good first step to backup /home/ and /etc/.

2. You can find simple rsync backup/restore scripts here.

3. Once the debian iso is downloaded, you should md5sum check it first. You can find the debian cd iso image checksums here.

4. Burn the iso (not copy to a cd – why this is NOT for n00bs) to a cd or dvd, depending on what you downloaded.

5. Installing from the DVD is quite different than Ubuntu. This is NOT a live cd, so you can’t experiment first.

The rest of this article will ass/u/me that you were able to install Debian successfully. Configuring Debian requires some work!

1. The first thing that bit me in the buttocks (can we say that here?) – is rebranded software. You won’t find Firefox or Thunderbird. Instead you will find re-branded software. So icedove instead of Thunderbird, and IceWeasel instead of Firefox. Those are in the Debian Repositories. The problem with re-branded software is that it is NOT upstream compatible. You can always choose to install the branded stuff (Firefox/Thunderbird) from the Mozilla site. If you need 64 bit Firefox or Thunderbird you can find that here.

NOTE: the following code block assumes sudo (#3 below) is fixed:

As always anything with an octothorpe (#) is a comment and need not be coded.


sudo apt-get install icedove # get the re-branded thunderbird
sudo apt-get install iceweasel # get the re-branded firefox

2. The second thing is .profile so you will want to deal with that next.

3. Next, was how to easily do sudo in debian

By default – sudo does NOT work in Debian. And as you know, you get sort of used to using sudo in Ubuntu. There are some crazy ideas on how to fix this, but this is pretty easy and straight forward.

4. You probably need java run time

Guess what? That does NOT come pre-installed on Debian! You can easily add the java runtime environment (jre) for Debian.

5. if you need to restart the gdm in Debian, it’s gdm3 NOT gdm as in Ubuntu. So


sudo service gdm3 restart

6. By default, /usr/sbin is NOT in your path in Debian, but is in Ubuntu. How to fix? This was a little more complicated than I thought. But Joe had a neat fix! (Without it, none of the system tasks, things like gparted, vsftpd, useradd, etc., are accessible.)

By default, when Linux comes up, it executes /etc/profile. Within /etc/profile it sources /etc/profile.d/bashrc.local.sh

What do I mean by “sources?” Joe explains:

Executing a script is the normal way to do it. The script executes, then it exits, and its environment is gone forever.

When you source a script, you execute all the commands in the script and (it) remain(s) in the environment – keeping all changes made to same.

execute: /path/to/script.sh

source: source /path/to/script or more succinctly:

. /path/to/script

And that is what the following script does. It uses a function called pathmunge to add the missing paths:


# /etc/bashrc.local.sh for Linux
#
# Local environment variables
#
export ORGANIZATION="Mirai Consulting"

#if [ $SHELL == '/bin/bash' ]; then

#
# Set prompt and aliases to something useful for an interactive shell
#

case "$-" in
*i*)
#
# Set prompt to something useful
#
case "$is" in
bash)
set -p
if test "$UID" = 0 ; then
PS1="\u@\h:\w> "
else
tty=`tty`
PS1=`uname -n`': $PWD \n(tty${tty#/dev/tty}): bash: \! > '
fi
;;
esac

case $TERM in
xterm)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\007"'
;;
screen)
PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\033\\"'
;;
*)
PROMPT_COMMAND=''
;;
esac

# fix broken non-root path -

pathmunge () {
if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
fi
}

#
# Path manipulation
#

pathmunge /sbin
pathmunge /usr/sbin
pathmunge /usr/local/sbin
pathmunge $HOME/sbin

unset pathmunge

set -o histexpand
export HISTCONTROL=ignoredups

alias ltr='ls -latr'
alias ll='ls -laFL'
alias lll='ll | less'

alias cls=clear
alias f=finger

sudo=''

alias maillog='$sudo tail -20 /var/log/mail.log'
alias postlog='$sudo grep postfix /var/log/mail | tail -40'
alias poplog='$sudo grep pop3-login /var/log/mail | tail -40'
alias msgs='$sudo tail -20 /var/log/messages'
alias krnl='$sudo tail -20 /var/log/kernel'
alias cmo='ls -Lltr /var/spool/mail'
alias psu='ps -FHu'
alias mqt='mailq|tail'
alias dmesg='/bin/dmesg|tail -40'

/bin/rm -f ~/.project
set `date`
echo "" >> ~/.project
echo " $LOGNAME logged in on `hostname` $1 $2 $3 $4" >> ~/.project
echo "" >> ~/.project

esac

#[ -r /etc/dircolors.sh ] && . /etc/dircolors.sh

alias addkey="sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys"

#fi

7. If you have Skype you will probably need to fix that as well.

This is just a first cut draft on the differences I noted between Ubuntu and Debian.

Thanks always to Joe and Loni.


Installing gnome-3 on Ubuntu 10.10/10.04


THIS IS NOT RECOMMENDED FOR N00BS
(do NOT try this!)

My friend Erick in Mexico City sent me this link:

installing gnome 3 on Ubuntu 10.xx

Yes, the original post is in Spanish, and my espanol is not up to par. So I translated the page into English.

The directions were pretty clear, but there is one error. I will repost the recipe here with the correction. (Yup,
It IS in Spanish. I was a little intimidated since sudo got translated to: I sweat!) Note, the original post had a space between the ppa name and gnome3. Nope that didn’t work, but was easily fixed.

Here’s the recipe:


sudo add-apt-repository ppa:gnome3-team/gnome3
sudo apt-get update
sudo apt-get install gnome3-session

Also note that I did NOT do the dist-upgrade as posted in the original article.

Logout. Choose gnome-3 at the bottom centre of the login screen, and go for it!

Gnome 3 desktop in Ubuntu 10.xx

Thanks Erick! (now I just have to figure out how to use it!)

Extra points if you can figure out where my desktop image was taken. Hint: It’s NOT in Arizona!


Making Ubuntu/Debian Linux do it’s own DNS (Domain Name Service)


Okay so what is dns? Dns is the piece of software that translates the www.usatoday.com into http://209.97.50.34 auto-magically, behind the scenes.

Yeah those ip addresses might be a little hard to remember. Making your Linux box be its own dns means faster/quicker access to the internet. That’s what we want!

Quick comparison. Using my isp’s supplied nameserver, I did a dig on hak5.org.

;; Query time: 99 msec
;; SERVER: 68.10.16.20#53(68.10.16.20)
;; WHEN: Wed May 25 00:11:57 2011
;; MSG SIZE rcvd: 177

vs my local DNS machine:

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 25 00:15:19 2011
;; MSG SIZE rcvd: 46

WHOA! 99 msec vs 1 msec. Oh yeah!

While the steps outlined here are easy to follow:

* * * W A R N I N G DANGER WILL ROBINSON! W A R N I N G * * *

THESE STEPS SHOULD ONLY BE UNDERTAKEN IF YOU HAVE AN
ADVANCED KNOWLEDGE (OVER A YEAR) WITH LINUX. THIS IS not
FOR N00BS!

As always, anything with an octothorpe (#) is a comment. That and the comments that follow need NOT be coded.

NOTE that a LAN DNS Server is meant to run on a machine that is always on the Internet. In other words, up 24/7/365. You only need ONE DNS server per LAN. Remember, if you will use this for DNS resolution of any other computers on your LAN, that computer should always be running. If your DNS machine is powered off, DNS will default to the second DNS server in your router, and continue on.

1. do an ifconfig, so we have a path back to the way it was before we messed it up.


ifconfig

You will get output that looks like:

eth0 Link encap:Ethernet HWaddr 00:23:54:12:ec:6c
inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::223:54ff:fe12:ec6c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2905 errors:0 dropped:0 overruns:0 frame:0
TX packets:3651 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1808387 (1.8 MB) TX bytes:543852 (543.8 KB)
Interrupt:42 Base address:0x6000

2. The second step is to remove the network manager. YUP! I said this
ain’t for n00bs! Go to: System/Administration/Synaptic Package Manager

3. Type in network-manager, find network-manager and check MARK FOR COMPLETE REMOVAL. Hit apply. Network mangler is history.

4. Now change from using any dynamic dhcp assignments to a static ip LAN address.

let’s first backup the file:


cd /etc/network
sudo cp interfaces interfaces.bkp # make a backup copy of the file

using your favourite editor, change /etc/network/interfaces to read:


# comments in this file must be on lines of their own
# define eth0 as static
iface eth0 inet static
# the static ip address we want, then netmask, network and broadcast group
address 192.168.1.101
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
# gateway to the internet, is router ip
gateway 192.168.1.1

save and exit.

5. Now we install the dnsmasq software.


sudo apt-get install dnsmasq

6. backup /etc/resolv.conf


cd /etc/
sudo cp resolv.conf resolv.conf.bkp # make a backup copy of file

edit /etc/resolv.conf using your favourite editor, it should look SOMETHING like this:


# domain name of your isp
domain ph.cox.net
# search domain name
search ph.cox.net
# first name server is the local machine
nameserver 127.0.0.1
# primary dns server (from isp)
nameserver 68.10.16.20
# secondary dns server (from isp)
nameserver 68.10.16.29

7. Now let’s test our new configuration. Dig is a dns lookup utility


dig www.hak5.org

and you will get something that looks like:


; <<>> DiG 9.7.1-P2 <<>> www.hak5.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17839
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.hak5.org. IN A

;; ANSWER SECTION:
www.hak5.org. 63 IN A 50.19.115.126

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 24 19:59:55 2011
;; MSG SIZE rcvd: 46

The item to notice is: ;; SERVER: 127.0.0.1#53(127.0.0.1)

that tells us the name of the DNS server it used. Yup that's our guy!

8. But what happens if I need to change the settings for my card or....some other thing?

no fear!

wicd is a very nice replacement for network mangler.


sudo apt-get install wicd

to run:


sudo wicd-client

Enjoy your own DNS goodness.

You may need to adjust some router settings. I am running dd-wrt, so I had to check "use dnsmasq for DNS" so that 127.0.0.1 would show up in /etc/resolv.conf properly.

router changes for dd-wrt

You may need to go into wicd properties for the ethernet card, and add 127.0.0.1 as the first static dns server, then add your isp as dns 2 and 3 (or you can use google’s dns servers: 8.8.8.8 and 8.8.4.4):

Wicd Changes

And anything on your LAN would also be able to use this for a DNS server. Just point it to the LAN address of where you installed the software. In my case: 192.168.1.101. You would also need to port forward all incoming dns requests in your router for port 53 to the LAN ip of your dns server.

==========

Here is a test using my Netbook:

I changed /etc/resolv.conf on my Netbook (this is temporary, since network mangler is installed on my Netbook)

nwayno@Nelson:/etc$ cat /etc/resolv.conf
# Generated by NetworkManager
domain ph.cox.net
search ph.cox.net
nameserver 192.168.1.101
nameserver 68.10.16.20
nameserver 68.10.16.29
nameserver 8.8.8.8
nwayno@Nelson:/etc$

I changed the nameserver to point to the dns server we just created.

Now dig:
nwayno@Nelson:/etc$ dig www.hak5.org

; <<>> DiG 9.7.1-P2 <<>> www.hak5.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16789
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.hak5.org. IN A

;; ANSWER SECTION:
www.hak5.org. 129 IN A 50.19.115.126

;; Query time: 2 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Tue May 24 23:30:00 2011
;; MSG SIZE rcvd: 46

nwayno@Nelson:/etc$

Notice that the server address is indeed: 192.168.1.101 -- Our new DNS server.

9. Be brave and get rid of the network-mangler once you know all is well:

sudo apt-get purge network-manager

CAUTION: DO THIS ONLY IF WICD IS WORKING CORRECTLY. IF YOU DO THIS AND WICD FAILS, YOU WILL INDEED HAVE NO INTERNET CONNECTION. YOU WOULD HAVE TO GO TO ANOTHER MACHINE AND GET THE .deb FILES.

Thanks Joe and Loni, for your help.


Simple annotated bash script to zap a user


This is a really simple script, but it underscores some key concepts here. Variable assignments, while statements, checking for null input, reading input from the terminal, comparing strings, etc.

I tried to annotate this script so you could follow along the major concepts. This is pretty basic, and so are the concepts, but I hope it gives you enough to build upon.

Bash Pitfalls helps, but you need to be fairly familiar with Bash to begin with. This was over my head. YMMV applies.

Opera renders this page correctly, Chrome not so well.

Thanks Joe for the skill command/commentary

Wayno


#!/bin/bash
#
#
# By. W. Guerrini 04/20/2011 V 1.0
#
# simple script to zap a user
#
#
# configuring parameters
#
# note a very common mistake is using a $ to assign a string a value
# here we are just defaulting all the string variables to null
#
# note that there is NO white noise around the equal (=) signs a very
# common mistake! (been there done that)
#
person="" # name of person we want to zap (string/not null)
ans="" # answer received from user (string/not null)
ok2nuke="Y" # the answer we expect if it's okay to zap user
#
# the echo command does just that. it echos the contents between the
# quote marks to the terminal
#
echo "Displaying Logged in Users"

#
# issue the who command to see who is logged in
#

who

#
# The who command listed all the people logged into the system.
# Choose one to terminate

echo "What person do you want to zap?"

#
# read waits for the person to enter some text on stdin, and puts
# the contents into the variable NOTE: person NOT $person
#
read person

#
# we are checking for a null string
# the while statement will loop, until the person string is NOT null
#
# the -z checks to see if the string is null. Notice here we use
# $string name ($person vs person) for the comparison
# the brackets [] are required because we are doing various type of
# operators
#
# also note the semi-colon ; at the end of the while statement --
# yup that's needed.
#
# so this while statement says, while the string $person is null
# echo hey the string is null and re-read the input
#
# once the condition is satisfied (non null string) the while exits (done)

while [ -z "$person" ];
do
echo "Null string. Not permitted. Enter a person to zap: "
read person
done

echo "$person is NOT null."
#
# display to the user, the name of the person we want to zap.
# note again we want to display the contents of the string $person

echo "confirm you want to zap User" $person "(Y/N)"

read ans

echo "the answer is: " $ans

#
#
# again another while loop - the answer can't be a null (nothing) string
# keep prompting and waiting till the answer is not a null
#

while [ -z "$ans" ];
do
echo "$ans String is null."
read ans
done
#
#
#
echo "$ans is NOT null."

#
# now check the answer and make sure it is a CAPITAL Y
# remember we set ok2nuke to "Y" above
#
#
#
# again in the if statement note the $string names,
# the equal signs, the brackets [], and the semi-colon ;
#
# If we got a capital "Y" then execute the if statement (skill commented out)
#
# we want to compare the strings, so we enclose them in quotes (")
# NOTE: you could also use "Y" instead of $ok2nuke but this way
# it's easier to change the value
#
if [ "$ans" = "$ok2nuke" ];
then
echo "$ans was okay to zap"
# sudo skill -n -u $person
# where n is the signal you want to send
# (-1 is a graceful hangup, -15 is a termination, -9 is an immediate kill)
echo "He's Dead, Jim!"
fi
#
#
# if we didn't get a capital "Y" for the answer, it just falls through and
# exits.
#
echo "we are finished"

Script execution looks something like:


nwayno@Homer:~$ sh zap.sh
Displaying Logged in Users
nwayno tty7 2011-04-19 18:15 (:0)
nwayno pts/6 2011-04-20 14:25 (:0.0)
donuts tty9 2011-04-20 14:45 (:2)
nwayno pts/10 2011-04-20 16:16 (:0.0)
What person do you want to zap?

Null string. Not permitted. Enter a person to zap:
donuts
$person is NOT null.
confirm you want to zap User donuts (Y/N)
Y
the answer is: Y
$ans is NOT null.
$ans was okay to zap
He's Dead, Jim!
we are finished
nwayno@Homer:~$
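
Once the skill line is uncommented, whatever was typed at the prompt is handed to a command run under sudo. The check below is an added example, not part of the original script; it accepts only a plain login name that appears in the first column of who output. The function name user_is_logged_in and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example: validate the name read by zap.sh before it reaches
# "sudo skill". The function name and return codes are hypothetical.

# Sample who output, taken from the transcript above.
sample_who() {
cat <<'EOF'
nwayno tty7 2011-04-19 18:15 (:0)
nwayno pts/6 2011-04-20 14:25 (:0.0)
donuts tty9 2011-04-20 14:45 (:2)
nwayno pts/10 2011-04-20 16:16 (:0.0)
EOF
}

# usage: who | user_is_logged_in NAME
# returns 0 if NAME has a session, 1 if not, 2 if NAME is not a plain name
user_is_logged_in() {
    name=$1
    # Reject empty input, anything starting with "-" (it would be read as
    # an option or signal by skill), and any character outside the set
    # used by ordinary login names, such as spaces or semicolons.
    case $name in
        ''|-*|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    # The first column of who is the login name; require an exact match
    # so that "donut" does not pass because "donuts" is logged in.
    awk -v u="$name" '$1 == u { found = 1 } END { exit !found }'
}

# In zap.sh the call would sit between "read person" and the confirm
# prompt, fed by the real who command:
#   who | user_is_logged_in "$person" || { echo "no such session"; exit 1; }

# Demo against the sample lines.
sample_who | user_is_logged_in donuts && echo "donuts: ok to offer for zapping"
```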