Posts Tagged ‘debian gnu’

Installation and Configuration of Clamav antivirus on Debian GNU / Linux

Monday, September 9th, 2013

Clamav logo installing Clamav antivirus to scan periodically Debian server websites for viruses

Clamav Antivirus is one of must have packages installed on a new Debian Linux server. It is not only necessary whether configuring a new Mail server be it Qmail or Postfix but is good to have to always check files on a Webserver. Until few years infecting of Sites with Viruses / Installing WebShells or Backdooring for further access using Perl or PHP vulnerable PHP code was not so common, However nowadays with increase of complexity of languages and increase of not security minded programmers this possibility dramatically increaed. Thus nowadays, whether I configure a new Apache + PHP + CGI support server I always install Clamav AV. Some might argue that Clamav Virus definitions are still too little compared to proprietary solutions like BitDefender / AVG or Avast but since my experience with this under Linux is not so bright as well as Clamav captures essential Viruses and Backdoors I still prefer to keep on with Clamav.  Even on home Desktops with Linux clamav is of use as there are plenty of free-ware software for Linux which come only distributed only in a binary form and hence its good to check them with clamav before use whether they don't contain some well known Rootkit or Virus. Over the years Clamav has done great job for me whether I had to clean up "hacked" hosts containing  script kiddie exploit scanners or Virus infected ELF binaries
.
1. Installing ClamAV in Debian Wheezy Linux

Before time there was a separate Debian repository called Volatille providing latest version release of Clamav, since Debian Squeeze Volatille project is discontinued, thus installing on Wheezy as a deb package is only available via standard Debian repositories.

apt-get update && apt-get --yes upgrade
...

apt-get install --yes clamav clamav-daemon

As package dependencies you get installed:

clamav clamav-base clamav-freshclam libbz2-1.0 libclamav1 libcurl3 libidn11 ucf

Clamav-Daemon will launch immediately after packages are installed and is available as process name /usr/sbin/clamd

# ps ax |grep -i clam
 2641 ?        Ssl    6:39 /usr/sbin/clamd
 2791 ?        Ss    12:04 /usr/bin/freshclam -d --quiet
12300 pts/0    S+     0:00 grep -i clam

2. Updating Clamav Antivirus Definitions

Its worthy say few words on clamav-freshclam as it is part of ClamAV which is used to update Clamav Virus definitions. Update of ClamAV vir definitions are updating automatically through /usr/bin/freshclam daemon which is started automatically by Debian postconfiguration scripts right after Clamav install.

Manual update of AV definitions can be done also with freshclam.

# freshclam
ClamAV update process started at Sun Sep  8 17:48:36 2013
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd is up to date (version: 17830, sigs: 1696886, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 225, sigs: 42, f-level: 63, builder: dgoddard)


To keep an eye on definition auto-updates (useful to check where something fails), check out in /var/log/clamav/freshclam.log

A sure indication that Anvirus updates are conducting fine should be log records like:
 

Sun Sep  8 16:27:44 2013 -> ————————————–
Sun Sep  8 17:27:44 2013 -> Received signal: wake up
Sun Sep  8 17:27:44 2013 -> ClamAV update process started at Sun Sep  8 17:27:44 2013
Sun Sep  8 17:27:44 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Sun Sep  8 17:27:44 2013 -> daily.cld is up to date (version: 17830, sigs: 1696886, f-level: 63, builder: neo)
Sun Sep  8 17:27:44 2013 -> bytecode.cld is up to date (version: 225, sigs: 42, f-level: 63, builder: dgoddard)
Sun Sep  8 17:27:47 2013 -> ————————————–



3. Configuring ClamAV

For Desktop use clamav default config is pretty good. However for servers its good to raise  2 up MaxThreads:

By default MaxThreads is 12

MaxThreads 12

Change to from 30 to 80 depending on how powerful machine ClamAV runs, even on some servers more Clamav threads might be necessary

MaxThreads 30

Other value I like changing is SelfCheck 3600 is too long time for clamav Virus definitions integrity I prefer to set it to 600, i.e.

SelfCheck 600

By default ClamAV is also configured to scan archive files as well. However for this to work you will have to have previously installed unzip and unrar on system. If still you don't have them installed run:

# apt-get install --yes unrar unzip
...

Note that you will need to have non-free part of Debian deb repositories to /etc/apt/sources.list

Here is one of my sources.list
 

deb http://ftp.uk.debian.org/debian squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://ftp.debian.skynet.be/ftp/debian/ squeeze main contrib non-free
deb-src http://ftp.debian.skynet.be/ftp/debian/ stable main contrib non-free

deb http://security.debian.org squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

3. Scanning with ClamAV

# clamscan -r /tmp/
./dos-58.160.208.43: OK
./dos-108.18.38.140: OK
./dos-188.194.80.100: OK
./dos-91.224.160.135: OK
./dos-128.253.117.70: OK
./dos-128.172.143.110: OK
./dos-77.92.102.34: OK
./dos-195.230.5.12: OK
...

....
----------- SCAN SUMMARY -----------
Known viruses: 2735887
Engine version: 0.97.8
Scanned directories: 1
Scanned files: 129
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 4.769 sec (0 m 4 s)


-r flag stands for recursive scan – e.g. scan all sub-directories in directory and its content

To not flood your console / ssh connection one very useful option is -i (print only whetherinfected files are matched). Here is one more sample case:

# clamscan -r -i /var/tmp/
----------- SCAN SUMMARY -----------
Known viruses: 2735887
Engine version: 0.97.8
Scanned directories: 1
Scanned files: 2
Infected files: 0
Data scanned: 0.26 MB
Data read: 0.13 MB (ratio 1.97:1)
Time: 4.824 sec (0 m 4 s)


Whether you're on a physical server console and it has pc speaker or sound blaster use –bell option to ring a bell every time a Virus infection is found, for exmpl.

# clamscan -r -i --bell /var/www/

4. Scanning periodically and reporting with ClamAV directories with websites

A very common use of ClamAV is to just setup a scheduled cronjob once a month to scan, whether server folder containing a bunch of websites in separate Virtualhosts contain some viruses or malicious stuff. Then as administrator check those logs once a month to make sure server site or group of sites does not become banned in search engine (blocked by Google Chrome and Firefox as Virus hotbed) …
# crontab -u root -e
00 02 01 * * clamscan -r /var/www -l /var/log/websites-scan.log

Then once a month check out /var/log/websites-scan.log

Share this on

Happy Birthday Debian! – Rejoice, Debian GNU / Linux turns 20 :)

Wednesday, August 28th, 2013

Debian Happy birthday cake with debian logo spiral - Debian Linux becomes 20 years old

 A bit outdated news but still worthy to mention as Debian GNU / Linux is important part of my life. On 16 of August this year Debian turned 20 years! I'm actively using Debian Linux for servers and Desktops over the past 13 years and for this time I've seen right before my eyes how debian grow and from buggy hobbyinst Linux distribution became a robust and rock-solid OS. Moreover Debian is now practically the most important Linux distribution around. Thanks to it currently a thousands of other world changing distributions like Ubuntu, Arch Linux, Knoppix Linux LiveCD, Linux Mint etc. Debian is truly multi platform as of time of writting supports 10 hardware architecture (platforms) – in this number Embedded devices like ARM processors, has translation of most shipped software to 73 languages and comes with about 20 000 installable software packages. Contribution of Debian GNU Linux for Free software community is immerse, hundreds of millions or even billion Debian servers or some kind of Debian based OSes are running all around the net. Besides that Debian is one of the largest if not the biggest and most influential Open Source Project. By its essence existing of Debian is just a miracle. 
Though out of date again,  lets great each other with Happy Debian Anniversary and Wish Debian a many and healthy years of successful development!

Share this on

Linux: Generating Web statistics from Old Apache logs with Webalizer

Thursday, July 25th, 2013

Webalizer generate and visualize in web page statistics of old websites howto webalizer static html google analytics like statistics on linux logo

Often it happens, that some old hosted websites were created in a way so no Web Statistics are available. Almost all modern created websites nowadays are already set to use Google AnalyticsAnyhow every now and then I stumble on hosting clients whose websites creator didn't thought on how to track how many hits or unique visitors site gets in a month / year etc.
 Thanksfully this is solvable by good "uncle" admin with help with of Webalizer (with custom configuration) and a little bit of shell scripting.

The idea is simple, we take the old website logs located in lets say 
/var/log/apache2/www.website-access.log*,
move files to some custom created new directory lets say /root/www.website-access-logs/ and then configure webalizer to read and generate statistics based on log in there.

For the purpose, we have to have webalizer installed on Linux system. In my case this is Debian GNU / Linux.

For those who hear of Webalizer for first time here is short package description:

debian:~# apt-cache show webalizer|grep -i description -A 2

Description-en: web server log analysis program
The Webalizer was designed to scan web server log files in various formats
and produce usage statistics in HTML format for viewing through a browser.

 If webalizer is not installed still install it with:

debian:~# apt-get install --yes webalizer
...
.....

Then make backup copy of original / default webalizer.conf (very important step especially if server is already processing Apache log files with some custom webalizer configuration:

debian:~# cp -rpf /etc/webalizer/webalizer.conf /etc/webalizer/webalizer.conf.orig

Next step is to copy webalizer.conf with a name reminding of website of which logs will be processed, e.g.:

debian:~# cp -rpf /etc/webalizer/webalizer.conf /etc/webalizer/www.website-webalizer.conf

In www.website-webalizer.conf config file its necessary to edit at least 4 variables:

LogFile /var/log/apache2/access.log
OutputDir /var/www
#Incremental no
ReportTitle Usage statistics for

 Make sure after modifying 3 vars read something like:  
LogFile /root/www.website/access_log_merged_1.log
OutputDir /var/www/www.website
Incremental yes
ReportTitle Usage statistics for Your-Website-Host-Name.com

Next create /root/www.website and /var/www/www.website, then copy all files you need to process from /var/log/apache2/www.website* to /root/www.website:

debian:~# mkdir -p /root/www.website
debian:~# cp -rpf /var/log/apache2/www.website* /root/www.website

On Debian Apache uses logrotate to archive old log files, so all logs except www.website-access.log and wwww.website-access.log.1 are gzipped:

debian:~#  cd /root/www.website
debian:~# ls 
www.website-access.log.10.gz
www.website-access.log.11.gz
www.website-access.log.12.gz
www.website-access.log.13.gz
www.website-access.log.14.gz
www.website-access.log.15.gz
www.website-access.log.16.gz
www.website-access.log.17.gz
www.website-access.log.18.gz
www.website-access.log.19.gz
www.website-access.log.20.gz
...
 

Then we have to un-gzip zipped logs and create one merged file from all of them ready to be red later by Webalizer. To do so I use a tiny shell script like so:

for n in {52..1}; do gzip -d www.dobrudzhatour.net-access.log.$n.gz; done
for n in {52..1}; do cat www.dobrudzhatour.net-access.log.$n >> access_log_merged_1.log;
done

First look de-gzips and second one does create a merged file from all with name access_merged_1.log The range of log files in my case is from www.website-access.log.1 to www.website-access.log.52, thus I have in loop back number counting from 52 to 1.

Once access_log_merged_1.log is ready we can run webalizer to process file (Incremental) and generate all time statistics for www.website:

debian:~# webalizer -c /etc/webalizer/webalizer-www.website-webalizer.conf

Webalizer V2.01-10 (Linux 2.6.32-27-server) locale: en_US.UTF-8
Using logfile /root/www.website/access_log_merged_1.log (clf)
Using default GeoIP database Creating output in /var/www/webalizer-www.website
Hostname for reports is 'debian'
Reading history file… webalizer.hist
Reading previous run data.. webalizer.current
333474 records (333474 ignored) in 37.50 seconds, 8892/sec

To check out just generated statistics open in browser:

http://yourserverhost/webalizer-www.website/

or

http://IP_Address/webalizer-www.website

 You should see statistics pop-up, below is screenshot with my currently generated stats:

Webalizer website access statistics screenshot Debian GNU Linux

Share this on

Check your GNU / Linux Desktop for all used “Evil” Non-free ( proprietary ) Software with VRMS

Wednesday, June 26th, 2013

Virtual Richard  Stallman VRMS Check what non free software is on your GNU Linux system

If you want to be strict on using only Free Software (in a as in freedom sense), just like Richard Stallman. You will be happy to know there is a tool in Linux called Virtual Richard Stallman ( vrms – report of installed non-free software ) 🙂

On launch vrms simply lists, all software and software documentation installed on Debian GNU / Linux  that is not 100% free software licenses / GPL compatbile. This is software installed via non-free  package Debian repositories or somehow not sticking to the standards of Debian Free Software Guidelines. Of course living with 100% free software is only for the hard core free software evangelists and rarely there is someone who can use computer on daily basis without some bits of proprietary software like flashplugin-nonfree, Skype rar, unrar. I tried for a while living on only 100% free software but didn't succeeded cause some non-free software is still a must to be able to not detach from "Digital Society". Living on only free software is not easy especially if you want to have normal multimedia  stuff on Desktop. Anyways even if you don't plan to purge your non-free software vrms is useful to list what free-software is installed on PC.

noah:~# apt-cache show vrms|grep -i description

Description-en: virtual Richard M. Stallman
 The vrms program will analyze the set of currently-installed packages
 on a Debian-based system, and report all of the packages from the
 non-free and contrib trees which are currently installed.
 .

Install vmrs with:

noah:~# apt-get install --yes vrms

 

Reading package lists… Done
Building dependency tree      
Reading state information… Done
The following packages were automatically installed and are no longer required:
  liboggkate1 xulrunner-10.0
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  vrms
0 upgraded, 1 newly installed, 0 to remove and 101 not upgraded.
Need to get 0 B/13.0 kB of archives.
After this operation, 102 kB of additional disk space will be used.
Retrieving bug reports… Done
Parsing Found/Fixed information… Done
Selecting previously unselected package vrms.
(Reading database … 226672 files and directories currently installed.)
Unpacking vrms (from …/apt/archives/vrms_1.16_all.deb) …
Processing triggers for man-db …
Setting up vrms (1.16) …

  Below is a list of all non-free software installed on my Debian 7 Thinkpad:

noah:~# vrms

                Non-free packages installed on noah

acroread                            Adobe Acrobat Reader: Portable Document Format file vi
acroread-data                       data files for acroread
acroread-dictionary-en              English dictionary for for acroread
acroread-escript                    Adobe EScript Plug-In
acroread-l10n-en                    English language package for acroread
firmware-iwlwifi                    Binary firmware for Intel PRO/Wireless 3945 and 802.11
frogatto-data                       2D platformer game starring a quixotic frog
mame                                Multiple Arcade Machine Emulator (MAME)
mame-tools                          Tools for MAME and MESS
mess                                Multi Emulator Super System (MESS)
mess-data                           Data files for the Multi Emulator Super System (MESS)
mozilla-acroread                    Adobe Acrobat(R) Reader plugin for mozilla / konqueror
nikto                               web server security scanner
opera                               Fast and secure web browser and Internet suite
rar                                 Archiver for .rar files
skype                               Skype
teamviewer                          TeamViewer (Remote Control Application)
unrar                               Unarchiver for .rar files (non-free version)
xmame-tools                         Transitional package for mame-tools

                Contrib packages installed on noah

cbedic                              Text-mode Bulgarian/English Dictionary
dosemu                              DOS Emulator for Linux
flashplugin-nonfree                 Adobe Flash Player – browser plugin
frogatto                            2D platformer game starring a quixotic frog
gnome-video-arcade                  Simple MAME frontend
mess-desktop-entries                Desktop entries for MESS ROMs
ttf-mscorefonts-installer           Installer for Microsoft TrueType core fonts
winetricks                          package manager for WINE to install software easily

     Contrib packages with status other than installed on noah

gxmame                              ( dei)  GTK XMame frontend

  19 non-free packages, 0.8% of 2531 installed packages.
  9 contrib packages, 0.4% of 2531 installed packages.

 

If you want to go the Stallman way and be a 100% Free Software user, Go free and purge all "evil" non-free software  🙂 issue:

# for i in $(vrms -q|grep -v 'Contrib packages'|grep -v 'Non-free'|awk '{ print $1 }' | awk 'NF'); \
do \
apt-get remove --yes $i; dpkg --purge $i; done

 

Share this on

Linux Currency convert GUI tool KeuroCalc / Convert world currencies Desktop Linux application, Convert USD to EUR

Thursday, April 25th, 2013

keurocalc Linux convert us dollars to euro and to rest of major world currencies

If you happen to run a small business or you're just an adventurer who use Linux for his notebook Desktop. Sooner or later you will end up needing Linux software to convert between world currencies. Some might argue that such a software is obsolete since already there are the Google Currency Converter and plenty of other (online) web currency converter sites. However for people like to use desktop applications like me it is much better to use a separate desktop tool which do currency convertion. If this is the case with and you happen to use Debian GNU / Linux, Ubuntu Fedora or any other main stream Linux distribution on your Linux powered Laptop or Tablet you will be surely happy to know about KEuroCalc – Universal Currency Converter. As all "K"-named starting Linux apps unfortunately keurocalc is using QT KDE graphic library and thus whenever used on GNOME it starts a bunch of KDE services (kedinit,klauncher, kded), however the load of this few on any modern notebook or PC is neglectably low so for most users the only disadvantage of kerocalc might be interface is looking a bit different compared to rest of Gnome GTK+ programs.

To install keurocalc on deb based Linuces e.g. – Debian / Ubuntu, ArchLinux ..:

noah:~# apt-cache show keurocalc|grep -i description -A 3

Description: universal currency converter and calculator – binary package
 KEurocalc is a universal currency converter and calculator.
 It downloads latest exchange rates directly from the
 European Central Bank and the Federal Reserve Bank of New York.
 

noah:~# apt-get install --yes keurocalc

Reading package lists… Done
Building dependency tree      
Reading state information… Done
The following NEW packages will be installed:
  keurocalc
0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded.
Need to get 0 B/87.8 kB of archives.
After this operation, 319 kB of additional disk space will be used.
Selecting previously deselected package keurocalc.
(Reading database … 393466 files and directories currently installed.)
Unpacking keurocalc (from …/keurocalc_1.0.3-2_amd64.deb) …
Processing triggers for hicolor-icon-theme …
Processing triggers for man-db …
Processing triggers for menu …
Processing triggers for gnome-menus …
Processing triggers for desktop-file-utils …
Setting up keurocalc (1.0.3-2) …
Processing triggers for menu …

On Fedora, CentOS and rest of RPM based Linux distros keurocalc is installable too out of default package repositories:

[root@fedora ~]# yum -y -q install keurocalc
....

 

Here is a snapshot of keurocalc GUI interface;

Linux Universal Currency Converter Keurocalc

Keurocalc Linux universal currency converter settings screenshot

As you see from settings screenshot, information about rates can be obtained from 2 sources; – European Central Bank and New York Federal Reserve Bank. I give a try also to Euro, no network access (fixed rates only) method but unfortunately by choosing it you can only convert between Fixed Currencies (currencies which are already not in use – in EU member states who dropped their local currencies in favor of EURO).

I've tested the program and it works good, the disadvantage is convertion between some of the World currencies of countries with non-transparent planned (Soviet like) economies for example Belarus is not among app list of convertable currencies.

Share this on

Install Sendmail mail server on Debian GNU / Linux

Sunday, March 31st, 2013

Installing sendmail on Debian Linux is something not so common these days. As sendmail has been overshadowed by his competitors Exim and Postfix. By default Debian Linux comes with Exim (light) installed as Exim is tiny and perfectly suitable for dealing with small and mid-sized SMTP needs. The reason why sendmail has been moved out by its competitors over the last 15 years is sendmail configuration is one big hell and besides that sendmail has been well known for its many security remote exploit holes – making it a famous target for crackers. Well anyways in some cases sendmail is necessary to install especially if you have a client which wants to have it set up. In this short article I will show how very basic sendmail installation on Debian host is done.

 blackstar:~# apt-get install sendmail-bin sensible-mda

Reading package lists… Done
Building dependency tree      
Reading state information… Done

The following extra packages will be installed:
  sendmail-base sendmail-cf sensible-mda
Suggested packages:
  sendmail-doc logcheck resolvconf sasl2-bin
The following packages will be REMOVED:
  exim4 exim4-base exim4-config exim4-daemon-light sa-exim task-mail-server
The following NEW packages will be installed:
  sendmail-base sendmail-bin sendmail-cf
0 upgraded, 3 newly installed, 6 to remove and 26 not upgraded.
Need to get 1,626 kB of archives.
After this operation, 592 kB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-base all 8.14.4-2.1 [362 kB]
Get:2 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-cf all 8.14.4-2.1 [300 kB]
Get:3 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-bin i386 8.14.4-2.1 [964 kB]
Fetched 1,626 kB in 0s (3,057 kB/s)  
(Reading database … 199577 files and directories currently installed.)
Removing task-mail-server …
Selecting previously unselected package sendmail-base.
(Reading database … 199577 files and directories currently installed.)
Unpacking sendmail-base (from …/sendmail-base_8.14.4-2.1_all.deb) …
Selecting previously unselected package sendmail-cf.
Unpacking sendmail-cf (from …/sendmail-cf_8.14.4-2.1_all.deb) …
Processing triggers for man-db …
(Reading database … 199939 files and directories currently installed.)
Removing sa-exim …
[….] Reloading exim4 configuration files:invoke-rc.d: initscript exim4, action "reload" failed.
dpkg: exim4-config: dependency problems, but removing anyway as you requested:
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.

Removing exim4-config …
dpkg: exim4-daemon-light: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom; however:
  Package exim4-daemon-light is to be removed.
  Package exim4-daemon-heavy is not installed.
  Package exim4-daemon-custom is not installed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.

Removing exim4-daemon-light …
[ ok ] Stopping MTA:.
ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken
dpkg: exim4-base: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-base (>= 4.80).

Removing exim4-base …
Processing triggers for man-db …
Selecting previously unselected package sendmail-bin.
(Reading database … 199786 files and directories currently installed.)
Unpacking sendmail-bin (from …/sendmail-bin_8.14.4-2.1_i386.deb) …
Processing triggers for man-db …
Setting up sendmail-base (8.14.4-2.1) …
adduser: Warning: The home directory `/var/lib/sendmail' does not belong to the user you are currently creating.
Setting up sendmail-cf (8.14.4-2.1) …
Setting up sendmail-bin (8.14.4-2.1) …
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match sendmail Default-Stop values (1)
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-mta (sendmail-mta) in auto mode
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-msp (sendmail-msp) in auto mode
update-alternatives: warning: not replacing /usr/share/man/man8/sendmail.8.gz with a link

You are doing a new install, or have erased /etc/mail/sendmail.mc.
If you've accidentaly erased /etc/mail/sendmail.mc, check /var/backups.

I am creating a safe, default sendmail.mc for you and you can
run sendmailconfig later if you need to change the defaults.

[ ok ] Stopping Mail Transport Agent (MTA): sendmail.
Updating sendmail environment …
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Could not open /etc/mail/databases(No such file or directory), creating it.
Could not open /etc/mail/sendmail.mc(No such file or directory)
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Turning off Host Status collection
Could not open /etc/mail/databases(No such file or directory), creating it.
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…

Checking filesystem, this may take some time – it will not hang!
  …   Done.
 
Checking for installed MDAs…
Adding link for newly extant program (mail.local)
Adding link for newly extant program (procmail)
sasl2-bin not installed, not configuring sendmail support.

To enable sendmail SASL2 support at a later date, invoke "/usr/share/sendmail/update_auth"

 
Creating/Updating SSL(for TLS) information
Creating /etc/mail/tls/starttls.m4…
Creating SSL certificates for sendmail.
Generating DSA parameters, 2048 bit long prime
This could take some time
…+………………..+.+..+..+++
..+.+………….+.++++++++++++++++++++++++++++++*
Generating RSA private key, 2048 bit long modulus
………………..+++
…………………+++
e is 65537 (0x10001)

*** *** *** WARNING *** WARNING *** WARNING *** WARNING *** *** ***

Everything you need to support STARTTLS (encrypted mail transmission
and user authentication via certificates) is installed and configured
but is *NOT* being used.

To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally
   to /etc/mail/submit.mc:
  include(`/etc/mail/tls/starttls.m4')dnl
2) Run sendmailconfig
3) Restart sendmail

 
Updating /etc/hosts.allow, adding "sendmail: all".

Please edit /etc/hosts.allow and check the rules location to
make sure your security measures have not been overridden –
it is common to move the sendmail:all line to the *end* of
the file, so your more selective rules take precedence.
Checking {sendmail,submit}.mc and related databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/Makefile…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Disabling HOST statistics file(/var/lib/sendmail/host_status).
Creating /etc/mail/sendmail.cf…
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
Creating /etc/mail/submit.cf…
Informational: confCR_FILE file empty: /etc/mail/relay-domains
Warning: confCT_FILE source file not found: /etc/mail/trusted-users
 it was created
Informational: confCT_FILE file empty: /etc/mail/trusted-users
Warning: confCW_FILE source file not found: /etc/mail/local-host-names
 it was created
Warning: access_db source file not found: /etc/mail/access
 it was created
Updating /etc/mail/access…
Linking /etc/aliases to /etc/mail/aliases
Updating /etc/mail/aliases…

WARNING: local host name (blackstar) is not qualified; see cf/README: WHO AM I?
/etc/mail/aliases: 13 aliases, longest 10 bytes, 145 bytes total
 
Warning: 3 database(s) sources
    were not found, (but were created)
    please investigate.
 
Warning: These messages were issued while creating sendmail.cf
    make sure they are benign before starting sendmail!
 
Errors in generating sendmail.cf
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
[ ok ] Starting Mail Transport Agent (MTA): sendmail.
(Reading database … 199837 files and directories currently installed.)
Removing exim4 …
 

Right after packages gets installed it is good idea to get rid of any remains of previous exim SMTP install, run;

blackstar:~# dpkg --purge exim4
blackstar:~# dpkg --purge exim4-base
blackstar:~# dpkg --purge exim4-config
blackstar:~# dpkg --purge exim4-daemon-light
blackstar:~# dpkg --purge sa-exim

blackstar:~# grep -i sendmail /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
blackstar:~# grep -i -E "smmta|smmsp" /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false

Sendmail install does create two new users smmta and smmsp in /etc/passwd and /etc/group

As you see from earlier apt-get output sendmail is provided on Debian via 4 packs:

root@blackstar:~# dpkg -l |grep -i sendmail
ii  libmail-sendmail-perl                0.79.16-1                          all          Send email from a perl script
ii  sendmail-base                        8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-bin                         8.14.4-2.1                         i386         powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-cf                          8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent

libmail-sendmail-perl installs a perl module (class)  /usr/share/perl5/Mail/Sendmail.pm.

sendmail-bin contains main sendmail components binary files, cron bindings related to sendmail, some manual pages and creates structure necessary for sendmail to process email queue. sendmail-cf provides a multitude of sendmail configurations in macroses and few documentation files on the macros configuration. All sendmail configuration macros are stored in /usr/share/sendmail/* – there are pleny of .m4 configs so for people who never installed sendmail it is really confusing.

sendmail-base package contains some bindings on how to to log rotate sendmail log files, few more sendmail binaries who deal with sendmail architecture, few files whether sendmail is run via PPP or DHCP connection, some documentation and example files. Sendmail documentation is installed in /usr/share/doc/sendmail*,  unfortunately documentation there is scarce so for extended documentation it is good to check Sendmail's Official site

To check if sendmail is running you should have it visible  in the list of running processes;

root@blackstar:~# ps xa|grep sendmail|grep -v grep
  468 ?        Ss     0:00 sendmail: MTA: accepting connections        

Further on it should be accepting connections on localhost / 25, i.e.

root@blackstar:~# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 blackstar ESMTP Sendmail 8.14.4/8.14.4/Debian-2.1; Sat, 30 Mar 2013 19:09:47 +0200; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1] ^]
telnet> quit
 

 

Sendmail's configuration is being generated using a macro file using a macro processor via m4 command. There are few files, used as a basis for generation the final m4 most important of course is /etc/mail/sendmail.mc and sendmail.cf  –  /etc/mail/sendmail.cf, sendmail.mc after processed with the mambo-jambo with m4 generates the complex and about 15 times larger by size sendmail.cf.
All configs related to generating files instructing how sendmail will operate are stored in /etc/mail;

blackstar:~#  ls -1
access
access.db
address.resolve
aliases
aliases.db
databases
helpfile
local-host-names
m4
Makefile
peers
sasl
sendmail.cf
sendmail.cf.errors
sendmail.conf
sendmail.mc
service.switch
service.switch-nodns
smrsh
spamassassin
submit.cf
submit.mc
tls

sendmail.cf.errors
– contains errors during processing of macros config files.

 

root@blackstar:/etc/mail# cat sendmail.cf.errors
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()

This errors, are not fatal as sendmail.cf is there and sendmail is from now on ready to send mails via localhost.

To check if sendmail delivers mails onwards, use mail cmd;
 

hipo@blackstar:~$ mail -s "testing" test@pc-freak.net
this is a simple test email
Do you get it?
.
Cc:

To see all is fine with mail delivery check out /var/log/mail.log

blackstar:~# tail -f /var/log/mail/log
Mar 30 21:23:05 blackstar sm-msp-queue[1495]: unable to qualify my own domain name (blackstar) -- using short name
Mar 30 21:23:09 blackstar sm-mta[1499]: STARTTLS=client, relay=mail.pc-freak.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Mar 30 21:23:11 blackstar sm-mta[1524]: r2UJN8x2001524: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Mar 30 21:23:13 blackstar sm-mta[1499]: r2UJKwqR001412: to=<hipo@pc-freak.net>, ctladdr=<root@blackstar> (0/0), delay=00:02:15, xdelay=00:00:10, mailer=esmtp, pri=210313, relay=mail.pc-freak.net. [83.228.93.76], dsn=2.0.0, stat=Sent (ok 1364671405 qp 7492)
Mar 30 21:24:28 blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry
Mar 30 21:27:16 blackstar sendmail[1633]: My unqualified host name (blackstar) unknown; sleeping for retry

As you see there is an error in mail.log
 

blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry


This is because blackstar is not assigned as a a host recognized to 127.0.0.1 in /etc/hosts. To solve it on my host I had to change /etc/hosts which looked like so:

blackstar:~# cat /etc/hosts
127.0.0.1    localhost
127.0.1.1    blackstar
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

to

blackstar:~# vim /etc/hosts

127.0.0.1    localhost localhost.localdomain blackstar
127.0.1.1    blackstar

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 

 

Then restart sendmail to reread /etc/hosts
 

root@blackstar:/etc/mail# /etc/init.d/sendmail restart
[ ok ] Restarting Mail Transport Agent (MTA): sendmail.

 

Share this on

Disable bluetooth on Linux IBM / Lenovo Thinkpad laptops

Thursday, February 14th, 2013

bluetooth gnu linux disable bluetooth linux how to tux logo bluetooth thinkpad

I have a Debian GNU / Linux squeeze with bluetooth and bluetooth is started automatically on system boot. This is pretty annoying, cause I use bluetooth quite rarely.
 disable / enable bluetooth via terminal is controlled via Linux sysfs virtual filesystem. The command to disable bluetooth one time is:

debian:~# echo 0 > /sys/devices/platform/thinkpad_acpi/bluetooth_enable

It is efficient in terms of energy saving especially if you use often your notebook on battery to turn off bluetooth permanently and only enable it when needed with:

debian:~# echo 1 > /sys/devices/platform/thinkpad_acpi/bluetooth_enable

To permanently disable bluetooth on Linux boot use:

# service bluetooth stop

In /etc/rc.local before exit 0 line place:

echo 0 > /sys/devices/platform/thinkpad_acpi/bluetooth_enable

An alternative method to permanently disable bluetooth (on other non-Thinkpad – any brand laptops) is via rfkill (bluetooth device control interface), on Ubuntu rfkill is installed by default but Debian users has to explicitly install it via apt:

debian:~# apt-get install –yes rfkill

Once rfkill is installed on host put a line before exit 0 in /etc/local:

rfkill block bluetooth
 

Share this on

Tracking daily Tasks (Work) with TimeTracker on Debian GNU / Linux with GNOME environment

Thursday, January 31st, 2013

Linux task tracking time and task tracking on Linux desktop Ubuntu Debian Fedora time tracker (hamster) task manager tool

Whether you're a self employed free-lancer, a manager using Linux as a desktop or just a freaky enthusiast concerned of tracking, optimizing and future spending his time efficiently you will definitely need to know of existence of GNOME little tool called Time Tracker.

Time Tracker is installed on Debian GNU / Linux by installing a package hamster-applet.
The Official name under which time tracker is popular is Project Hamster – check out site here.
hamster-applet version installed on my Debian stable Squeeze as of time of writing is a bit obsolete cause Hamster Project Time Tracking tool is official part of GNOME and already Debian Squeeze GNOME version is about 2 years old (still running GNOME 2.30.2).  In future Debian releases and current Debian unstable releases, the package under which it is installed is hamster-time-tracker

Below is package description;

hipo@noah:~$ apt-cache show hamster-applet | grep -i desc -A 7
Description: time tracking applet for GNOME
 Project Hamster helps you to keep track of how much time you spend on various
 activities during the day.  Whenever you move from one task to another, you
 change your current activity in the GNOME applet.
 .
 It can present graphical statistics of how long you have spent on each task,
 and may be useful for project management or keeping employee timesheets.
Homepage: http://live.gnome.org/ProjectHamster
I've not tested it on Fedora and RPM based Linux distributions but I assume there Time Tracker should be installed as part of GNOME.

Hamster Time Tracker can be set as applet in GNOME as well as can be run straight from gnome-terminal with:

$ hamster-standalone

or

$ gnome-time-tracker

Hamster Time Tracker is programmed in Python and uses GNOME GTK2 interface, actually above 2 commands are python scripts.

To use GNOME applet in GNOME2, just add it to GNOME panel by pressing on Panel with right mouse button and selecting;

Add to Panel -> Project Hamster

Below is example, of Time Tracker applet in action. No Activity indicates there is no current started work on Task. It is pretty easy to add new Tasks and bind tags to it. Type Activity (type), the tags and click Start Tracking. Activity is tracked from this moment until stopped.

Hamster time-tracker linux task manager application

Time Tracker supports also Task tagging as well as sorting separate tasks into task Categories, this is done by pressing on little paper with pencil icon located right of each task.

Standalone application hamster-standalone, also has support for statistics, however to generate statistics for your Tasks and work habits you need to use the soft and have data for at least 1 week time. To get statistics follow use menus:

Tracking -> Statistics


It  has also nice Task reporting embedded to get Report through pressing CTRL+0;

Tracking -> Overview

overview Task reporting time tracker Debian Linux

Using Save Report button reports, can be exported to HTML files, so it is quite easily to export statistics over worked time to lets say a Samba Share, or hard disk configured to be visible via WebServer so you can get information about your work efficiency via Web.

Program also supports automatic stop of certain Task tracking in case if computer is inactive for a while. For those who tend to remember what kind of task is active, there is embedded auto reminder timer to set from Preferences

hamster time-tracker preferences screenshot Debian GNU Linux

WorkSpaces
tab from preferences allows configuring Time Tracker to automatically stop / start Task on Switch Workspace action.

Time Tracker is good software for anyone looking for good Task Management (non-centralized) software for Office Company environment working with Free Software. Hamster Project – Time Tracker still lacks support for centralized server reporting auto-upload and multiple employees stats generation however if from multiple computers reports are send to e certain e-mail account to process reports it will be relatively easy and cheap to embed it for multiple Office employees Task Tracking and preparing Employee worked Tasks hours / efficiency in Weekly, Monthly, Quarterly reports. For big projects, where planning and GANTT charts are required it is useful to use reports from Time Tracker together with Linux Project Planning (Microsoft Planner) like tools – Trac, Gantt Project or Task Juggler

 

Share this on

Linux webcam take pictures from tty console or terminal / How to make pictures of yourself using plain console and web-camera

Saturday, December 15th, 2012

how to take webCAM console / terminal pictures on gnu linux (Debian, Ubuntu, Fedora)

I'm a great command line enthusiast, I share the believe of many other command line geeks thinking keyboard is the quickest way to access a computer. Historically keys were first and mouse second and I think there is definitely a good reason for that. Thus today I was curious if it is possible to take pictures from my external web-camera on my Debian GNU / Linux? I did a quick research and this little article springed out as result.

The answer is YES! It is possible and besides that there are many ways to take a webcamera picture using the console; Lastly it is very easy to achieve even for novice Linux buddies 😉 My little research on the topic show me there are 4 straightforward ways one can use to use his extended or embedded WebCam to take pictuers – using (vlc, mplayer, camshot, fswebcam and ffmpeg).

1. Taking a webcam picture using vlc

Invoke vlc with following arguments:

# vlc -I dummy v4l2:///dev/video0 --video-filter scene --no-audio --scene-path /home/hipo --scene-prefix webcam-taken-picture-prefix --scene-format png vlc://quit --run-time=1

I've prepared a little wrapper script, for the sake of simplifying the long and hard to remember vlc options. Below is the script;

#!/bin/sh
# This little script will take picture whilst in gnome-terminal / mlterm or any console tty
# As program uses vlc you need to have vlc properly configured and installed
# as well as the webcam video be properly working (detected by Linux kernel)
# licensed under GPLv2 script modified by hip0 14.12.2012
# Path where to store taken snapshots
STORE_PATH=/home/hipo
# Device locatation of webcam many webcams have default device in /dev/video0
WEBCAM_DEV=/dev/video0
# Stored grabbed picture filename prefix
FILE_NAME_PREF=image_prefix
# gets the current date and adds to set filename prefix
date_cur=$(date +%k_%d_%m_%Y|sed -e 's/^ *//');
vlc -I dummy v4l2://$WEBCAM_DEV --video-filter scene --no-audio --scene-path $STORE_PATH --scene-prefix $FILE_NAME_PREF.$date_cur --scene-format png vlc://quit --run-time=1
echo "WebCam picture taken and stored in $STORE_PATH/$FILE_NAME_PREF.$date_cur*.png";
echo '';
echo "To view picture in Gnome with Eye of GNOME type: eog $STORE_PATH/$FILE_NAME_PREF.$date_cur*.png";

You can also download copy of the webcam_take_picture_from_console.sh script here.

As you see the script uses, vlc's (dummy interface), and –video-filter-scene option to make the snapshot. The script can be stored in let's say /usr/local/bin/webcam_take_picture.sh and aliased through ~/.bashrc with some short alias, i.e.:

alias console-picture='/usr/local/bin/webcam_take_picture.sh'

Then at any time, when you run console-picture you will have a short way to make pictures of your room, your friends or whatever needed. One good application of script is whether you're in coffee with friends and you want to take a snapshot of them without them realizing (assuming, the webcam is embedded) 🙂

Another great application is whether you want to take a snapshot of the WebCam, from another shell script or little application using dialog ncurses interfaces etc.

Even just for the sake of fun it is so nice to take a picture from webcam, whether in plain tty console bash shell 🙂

One small note to make here is webcam_take_picture_from_console.sh should be run as non-root user (for security reasons vlc developers made smartly VLC this way), running it as root drops an err:

>VLC is not supposed to be run as root. Sorry.
If you need to use real-time priorities and/or privileged TCP ports
you can use /usr/bin/vlc-wrapper (make sure it is Set-UID root and
cannot be run by non-trusted users first).
 

By default, vlc resolution used is the automatically set to the maximum supported to the camera, with mine this is 640×480 SRGB
The quality of pictures taken is a bit low but my camera is a cheap one and even with some GUI program snapshot taking programs like GNOME's cheese, taken pictures are with low quality (though I think the brightnes of the ones taken with vlc is a bit poorer than the ones done with cheese).

Happily it is possible to correct picture brightness and lightning with v42l-ctl (v42l-ctl is not installed by default and on Debian you will have to install deb pack v4l-utils), e.g.:

apt-get install --yes v4l-utils
....

Further, check out the possible options available with:

v4l2-ctl -L - (list all possible options)

and to set a concrete option do:

v4l2-ctl -c <options>=<value> (set an option)
 

I don't have a BSD (FreeBSD, NetBSD, OpenBSD) at hand, but with a working supported Webcam, correct location to the webcam /dev/  and installed VLC from ports :

vlc -I dummy v4l2:///dev/video0--video-filter scene --no-audio --scene-path $STORE_PATH --scene-prefix $FILE_NAME_PREF.$date_cur --scene-format png vlc://quit --run-time=1

should be working fine as well.
If someone has access to a BSD with a working installed webcam, please test it and drop a comment to confirm if working …

2. Creating pictures from WebCamera using mplayer cmd

Theoretically mplayer, should be able to take snapshots from the Cam with:

mplayer -vo png -frames 1 tv://

There is possibility to pass output webcam picture (resolution) dimensions too:

mplayer tv:// -tv driver=v4l:device=/dev/video0:width=320:height=240:outfmt=rgb24 -frames 1 -vo jpeg

 

With my "NoName" (Eltron Technology) webcam the produced images were filled up with solid green color  (maybe due to bug of my webcam used driver). Normally it should be working; I've seen many posts around claiming using both of above cmd lines to produce pictures normally, but not for me.

3. Making pictures with WebCamera (camshot) console tool

I've seen around also another tiny tool (camshot) especially written to take pictures from webcam. The tool is available only to be compiled from source (whether source is fetched through Subversion repo (SVN)). I took a minute to test it as well, e.g.:

 

hipo@noah:~Desktop$ svn checkout http://camshot.googlecode.com/svn/trunk/ camshot-read-only

hipo@noah:~/Desktop/camshot-read-only$ make
....
hipo@noah:~/Desktop/camshot-read-only$ ls
arguments.c  arguments.o  camera.h  camshot  image.h  main.c  Makefile  shmem.h  shmem_test.c
arguments.h  camera.c     camera.o  image.c  image.o  main.o  shmem.c   shmem.o

hipo@noah:~Desktop/camshot-read-only$ ./camshot
Letting the camera automaticaly adjust the picture:..........Done.
Command (h for help): h

Commands:
    x    Capture a picture from camera.
    h    Prints this help.
    q    Quits the program.

Command (h for help): x
Command (h for help): q

 

Don't know why, but for me camshot did not produce, any output picture from webcam. Maybe my Webcam which is a cheap (all OS) compatible one is not detected fine by the tool? As you see from above help output there are not many options so it is definitely something with webcam detection or just it needs some kind of little "hack" in the source to make it working, I was lazy to further investigate so I leave it.

4. Making pictures from terminal using fswebcam

fswebcam is not so popular as vlc and mplayer, but is existent from default repostiries on both Debian and Ubuntu Linuces. Here is it how it is described when pkg info requested with apt-cache:

apt-cache show fswebcam | grep -i descrip -A 8
Description: Tiny and flexible webcam program
 Fswebcam is a tiny and flexible webcam command-line program for capturing
 images from a V4L1/V4L2 device. It accepts a number of formats, can skip
 the first (possibly bad) frames before performing the actual capture, and
 can perform simple manipulation on the captured image, such as resizing,
 averaging multiple frames or overlaying a caption or an image.
Homepage: http://www.firestorm.cx/fswebcam/
Tag: implemented-in::c, role::program

To use it first install it with apt-get or yum (yes it is available also for RedHat based Linux distros via yum).
Depending whether on Debian or Fedora etc. do:

apt-get install --yes fswebcam
.....

or

yum -y install fswebcam
....

fswebcam's syntax is much easier than all of rest cmd tools available around; to create picture from webcam;

# fswebcam -r 640x480 --jpeg 85 -D 1 web-cam-shot.jpg
--- Opening /dev/video0...
Trying source module v4l2...
/dev/video0 opened.
No input was specified, using the first.
Delaying 1 seconds.
--- Capturing frame...
Captured frame in 0.00 seconds.
--- Processing captured image...
Setting output format to JPEG, quality 85
Unable to load font 'luxisr': Could not find/open font
Disabling the the banner.
Writing JPEG image to 'web-cam-shot.jpg'.

I liked supports, saving in multiple formats, can set resolution and is probably the number 1 choice for anyone looking for high level of customization of cam taken picture.. Saying this I think fswebcam is definitely the tool of choice as it is written with the one and only aim to take webcam pictures from console.

5. Capturing picture from Webcam using ffmpeg

With ffmpeg, there are plenty of things possible;
Just to mention few interesting ones, I've written about earlier, ffmeg is capable of;

convert .OGG vorbis to MP3 
convert .FLV to .AVI and .AVI to .FLV
convert .AVI .MP4 and .FLV to OGG Vorbis (Free Format)
convert .OGG video to .FLV Video
extract sounds / music from .FLV to a MP3 / MP4
Add .SRT and .SUB files subtitles to Flash Videos

Along with all this, interestingly ffmpeg can get content using command line from WebCamera (nomatter if it's a VIDEO stream or just a Picture snapshot).

The syntax to take a picture with it is:

ffmpeg -f video4linux2 -i /dev/v4l/by-id/usb-Etron_Technology__Inc._USB2.0_Camera-video-index0 -vframes 1 output-picture.jpeg

The precise /dev/(v4l – video 4 linux) assigned to different cameras will differ so in order to find what kind of /dev, to use ls it:

# ls -al /dev/v4l/by-id/*

lrwxrwxrwx 1 root root 12 Dec 14 22:40 /dev/v4l/by-id/usb-Etron_Technology__Inc._USB2.0_Camera-video-index0 -> ../../video0

The picture resolution taken on my Eltron Technology Webcam is same like with vlc – the cam optimum 640×480, the quality and brightness gamma is also identical to pics taken using VLC.
 
Therefore if you're wondering if one tool, might make a better pictures from command line than the other the answer, according to my tests is they produce identical quality and all can be customized easily for different set of resolution. It is possible thought, this is not so with other Web Cam models, if you happen to read this post and take the time to try taking pictures with 5 methods and some of the 5 progs is making superior pictures, please drop a comment with the tool you used and the WebCam exact version as detected in dmesg or lsusb

As a sort of Outtro, from purely functional / usability point of view I think fswebcam is probably be the tool of choice for mostly all as it is most simple, easily customizable and especially crafted for creating webcam console shots. That's all Enjoy, taking pics from GUI terminal or console 🙂 

P.S. – I know there are plenty of people who have written on the topic, so this article is nothing new under the sun, but as I couldn't find a post synthesizing in one all of the 5 methods I've come up with this little article. Feedback is mostly welcome
Happy picturing 😉

Share this on

Disabling PHP system(); and exec(); functions to raise up Apache security on Debian GNU / Linux

Wednesday, July 18th, 2012

Disabling PHP system(); and exec(); functions to raise up Apache security on Debian Gnu / Linux

At security critical hosts running Apache + PHP based sites it is recommended functions like:

system();
exec();shell_exec();.....

to be disabled. The reason is to mainly harden against script kiddies who might exploit your site/s and upload some shitty SK tool like PHP WebShell, PHP Shell and the probably thousands of “hacker” variations that exist nowdays.

In latest Debian stable Squeeze, suhosinadvanced protection module for php5 is being installed and enabled in Apache (by default).
Simply disabling a number of functions using suhosin, could prevent multiple of future headaches and hours of pondering on who 0wn3d your server ….

Disabling the basic PHP system(); and other similar functions which allows shell spawn is not always possible, since some websites or CMS platforms depends on them for proper runnig, anyways whether it is possible disabling ’em is a must.
There are two ways to disable system(); functions; One is through using /etc/php5/apache2/conf.d/suhosin.ini and 2nd by adding a list of functions that has to be disabled directly in Website Virtualhost file or in apache2.conf (/etc/apache2/apache2.conf;
For people hosting multiple virtualhost websites on the same server using the custom domain Virtualhost method is probably better, since on a global scale the functions could be enabled if some of the websites hosted on the server requires exec(); to work OK. In any case using /etc/php5/apache2/conf.d/suhosin.ini to disable system(); functions in PHP is less messy …

1. Disabling PHP system(); fuctions through /etc/apache2/apache2.conf and custom site Vhosts

Place somewhere (I prefer near the end of config);;;


php_admin_flag safe_mode on
php_admin_value disable_functions "system, exec, shell_exec, passthru , ini_alter, dl, pfsockopen, openlog, syslog, readlink, symlink, link, leak, fsockopen, popen, escapeshellcmd, apache_child_terminate apache_get_modules, apache_get_version, apache_getenv, apache_note,apache_setenv,virtual"

Disabling it for custom virtualhost is done by simply adding above Apache directvies (before the closing tag in /etc/apache2/sites-enabled/custom-vhost.com

2. Disabling PHP system();, exec(); shell spawn with suhosin.ini

In /etc/php5/apache2/conf.d/suhosin.ini add;;

suhosin.executor.func.blacklist =system, exec, shell_exec, passthru, ini_alter, dl,
pfsockopen, openlog, syslog, readlink, symlink, link, leak, fsockopen, popen,
escapeshellcmd, apache_child_terminate apache_get_modules, apache_get_version,
apache_getenv, apache_note,apache_setenv,virtual

To do it directly via shell issue;;;

server: conf.d/# cd /etc/php5/apache2/conf.d/
server: conf.d# echo 'suhosin.executor.func.blacklist =system, exec, shell_exec, passthru, ini_alter, dl,' >> suhosin.ini
server: conf.d# echo 'pfsockopen, openlog, syslog, readlink, symlink, link, leak, fsockopen, popen,' >> suhosin.ini
server: conf.d# echo escapeshellcmd, apache_child_terminate apache_get_modules, apache_get_version,' >> suhosin.ini
server: conf.d# echo 'apache_getenv, apache_note,apache_setenv,virtual' >> suhosin.ini

Then to re-load the memory loaded Apache libphp library an Apache restart is necessary;

server: conf.d# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
server: conf.d#

Tadam, this should be quite a good security against annoying automated script attacks. Cheers 😉

Share this on