Posts Tagged ‘good’

Howto create Linux Music Audio CD from MP3 files / Create playable WAV format Audio CD Albums from MP3s

Tuesday, July 16th, 2019

cdburning-audio-music-cd-from-mp3-on-linuxcomapct-disc-tux-linux-logo

Recently my Mother asked me to prepare a Music Audio CD for her from a popular musician accordionist Stefan Georgiev from Dobrudja who has a unique folklore Bulgarian music.

As some of older people who still remember the age of the CD and who had most likely been into the CD burning Copy / Piracy business so popular in the countries of the ex-USSR so popular in the years 1995-2000 audio ,  Old CD Player Devices were not able to play the MP3 file format due to missing codecs (as MP3 was a proprietary compression that can't be installed on every device without paying the patent to the MP3 compression rights holder.

The revolutionary MP3 compression used to be booming standard for transferring Music data due to its high compression which made an ordinary MP3 of 5 minutes of 5MB (10+ times more compression than an ordinary classic WAV Audio the CPU intensiveness of MP3 files that puts on the reading device, requiring the CD Player to have a more powerful CPU.

Hence  due to high licensing cost and requirement for more powerful CPU enabled Audio Player many procuders of Audio Players never introduced MP3 to their devices and MP3 Neve become a standard for the Audio CD that was the standard for music listening inside almost every car out there.

Nowdays it is very rare need to create a Audio CD as audio CDs seems to be almost dead (As I heard from a Richard Stallman lecture In USA nowadays there is only 1 shop in the country where you can still buy CD or DVD drives) and only in third world as Africa Audio CDs perhaps are still in circulation.

Nomatter that as we have an old Stereo CD player on my village and perhaps many others, still have some old retired CD reading devices being able to burn out a CD is a useful thing.

Thus to make mother happy and as a learning excercise, I decided to prepare the CD for her on my Linux notebook.
Here I'll shortly describe the takes I took to make it happen which hopefully will be useful for other people that need to Convert and burn Audio CD from MP3 Album.

 

1. First I downloaded the Album in Mp3 format from Torrent tracker

My homeland Bulgaria and specific birth place place the city of Dobrich has been famous its folklore:  Galina Durmushlijska and Stefan Georgiev are just 2 of the many names along with Оркестър Кристал (Orchestra Crystal) and the multitude of gifted singers. My mother has a santiment for Stefan Georgiev, as she listened to this gifted accordinist on her Uncle's marriage.

Thus In my case this was (Стефан Георгиев Хора и ръченици от Добруджа) the album full song list here If you're interested to listen the Album and Enjoy unique Folklore from Dobrudja (Dobrich) my home city, Stefan Georgiev's album Hora and Rachenica Dances is available here

 


Stefan_Georgiev-old-audio-Music-CD-Hora-i-Rychenici-ot-Dobrudja-Horos-and-Ruchenitsas-from-Dobrudja-CD_Cover
I've downloaded them from Bulgarian famous torrent tracker zamunda.net in MP3 format.
Of course you need to have a CD / DVD readed and write device on the PC which nowdays is not present on most modern notebooks and PCs but as a last resort you can buy some cheap External Optical CD / DVD drive for 25 to 30$ from Amazon / Ebay etc.

 

2. You will need to install a couple of programs on Linux host (if you don't have it already)


To be able to convert from command line from MP3 to WAV you will need as minimum ffmpeg and normalize-audio packages as well as some kind of command line burning tool like cdrskin  wodim which is
the fork of old good known cdrecord, so in case if you you're wondering what happened with it just
use instead wodim.

Below is a good list of tools (assuming you have enough HDD space) to install:

 

root@jeremiah:/ # apt-get install –yes dvd+rw-tools cdw cdrdao audiotools growisofs cdlabelgen dvd+rw-tools k3b brasero wodim ffmpeg lame normalize-audio libavcodec58

 

Note that some of above packages I've installed just for other Write / Read operations for DVD drives and you might not need that but it is good to have it as some day in future you will perhaps need to write out a DVD or something.
Also the k3b here is specific to KDE and if you're a GNOME user you could use Native GNOME Desktop app such brasero or if you're in a more minimalistic Linux desktop due to hardware contrains use XFCE's native xfburn program.

If you're a console / terminal geek like me you will definitely enjoy to use cdw
 

root@jeremiah:/ # apt-cache show cdw|grep -i description -A 1
Description-en: Tool for burning CD's – console version
 Ncurses-based frontend for wodim and genisoimage. It can handle audio and

Description-md5: 77dacb1e6c00dada63762b78b9a605d5
Homepage: http://cdw.sourceforge.net/

 

3. Selecting preferred CD / DVD / BD program to use to write out the CD from Linux console


cdw uses wodim (which is a successor of good old known console cdrecord command most of use used on Linux in the past to burn out new Redhat / Debian / different Linux OS distro versions for upgrade purposes on Desktop and Server machines.

To check whether your CD / DVD drive is detected and ready to burn on your old PC issue:

 

root@jeremiah:/# wodim -checkdrive
Device was not specified. Trying to find an appropriate drive…
Detected CD-R drive: /dev/cdrw
Using /dev/cdrom of unknown capabilities
Device type    : Removable CD-ROM
Version        : 5
Response Format: 2
Capabilities   :
Vendor_info    : 'HL-DT-ST'
Identification : 'DVDRAM GT50N    '
Revision       : 'LT20'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Using generic SCSI-3/mmc   CD-R/CD-RW driver (mmc_cdr).
Driver flags   : MMC-3 SWABAUDIO BURNFREE
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R

You can also use xorriso (whose added value compared to other console burn cd tools is is not using external program for ISO9660 formatting neither it use an external or an external burn program for CD, DVD or BD (Blue Ray) drive but it has its own libraries incorporated from libburnia-project.org libs.

Below output is from my Thinkpad T420 notebook. If the old computer CD drive is there and still functional in most cases you should not get issues to detect it.

cdw ncurses text based CD burner tool's interface is super intuitive as you can see from below screenshot:

cdw-burn-cds-from-console-terminal-on-GNU-Linux-and-FreeBSD-old-PC-computer

CDW has many advanced abilities such as “blanking” a disk or ripping an audio CD on a selected folder. To overcome the possible problem of CDW not automatically detecting the disk you have inserted you can go to the “Configuration” menu, press F5 to enter the Hardware options and then on the first entry press enter and choose your device (by pressing enter again). Save the setting with F9.
 

4. Convert MP3 / MP4 Files or whatever format to .WAV to be ready to burn to CD


Collect all the files you want to have collected from the CD album in .MP3 a certain directory and use a small one liner loop to convert files to WAV with ffmpeg:
 

cd /disk/Music/Mp3s/Singer-Album-directory-with-MP3/

for i in $( ls *.mp3); do ffmpeg -i $i $i.wav; done


If you don't have ffmpeg installed and have mpg123 you can also do the Mp3 to WAV conversion with mpg123 cmd like so:

 

for i in $( ls ); do mpg123 -w $i.wav $i.mp3; done


Another alternative for conversion is to use good old lame (used to create Mp3 audio files but abling to also) decode
mp3 to wav.

 

lame –decode somefile.mp3 somefile.wav


In the past there was a burn command tool that was able to easily convert MP3s to WAV but in up2date Linux modern releases it is no longer available most likely due to licensing issues, for those on older Debian Linux 7 / 8 / 9 / Ubuntu 8 to 12.XX / old Fedoras etc. if you have the command you can install burn and use it (and not bother with shell loops):

apt-get install burn

or

yum install burn


Once you have it to convert

 

$ burn -A -a *.mp3
 

 

5. Fix file naming to remove empty spaces such as " " and substitute to underscores as some Old CD Players are
unable to understand spaces in file naming with another short loop.

 

for f in *; do mv "$f" `echo $f | tr ' ' '_'`; done

 

6. Normalize audio produced .WAV files (set the music volume to a certain level)


In case if wondering why normalize audio is needed here is short extract from normalize-audio man page command description to shed some light.

"normalize-audio  is  used  to  adjust  the volume of WAV or MP3 audio files to a standard volume level.  This is useful for things like creating mp3 mixes, where different recording levels on different albums can cause the volume to  vary  greatly from song to song."
 

cd /disk/Music/Mp3s/Singer-Album-directory-with-MP3/

normalize-audio -m *.wav

 

7. Burn the produced normalized Audio WAV files to the the CD

 

wodim -v -fix -eject dev='/dev/sr0' -audio -pad *.wav


Alternatively you can conver all your MP3 files to .WAV with anything be it audacity
or another program or even use 
GNOME's CDBurn tool brasero (if gnome user) or KDE's CDBurn which in my opinion is
the best CD / DVD burning application for Linux K3B.

Burning Audio CD with K3b is up to few clicks and super easy and even k3b is going to handle the MP3 to WAV file Conversion itself. To burn audio with K3B just run it and click over 'New Audio CD Project'.

k3b-on-debian-gnu-linux-burn-audio-cd-screenshot

For those who want to learn a bit more on CD / DVD / Blue-Ray burning on GNU / Linux good readings are:
Linux CD Burning Mini Howto, is Linux's CD Writing Howto on ibiblio (though a bit obsolete) or Debian's official documentation on BurnCD.
 

8. What we learned here


Though the accent of this tutorial was how to Create Audio Music CD from MP3 on GNU / Linux, the same commands are available in most FreeBSD / NetBSD / OpenBSD ports tree so you can use the same method to build prepare Audio Music CD on *BSDs.

In this article, we went through few basic ways on how to prepare WAV files from MP3 normalize the new created WAV files on Linux, to prepare files for creation of Audio Music CD for the old mom or grandma's player or even just for fun to rewind some memories. For GUI users this is easily done with  k3b,  brasero or xfburn.

I've pointed you to cdw a super useful text ncurses tool that makes CD Burninng from plain text console (on servers) without a Xorg / WayLand  GUI installed super easy. It was shortly reviewed what has changed over the last few years and why and why cdrecord was substituted for wodim. A few examples were given on how to handle conversion through bash shell loops and you were pointed to some extra reading resources to learn a bit more on the topic.
There are plenty of custom scripts around for doing the same CD Burn / Covnersion tasks, so pointing me to any external / Shell / Perl scripts is mostly welcome.

Hope this learned you something new, Enjoy ! 🙂

Play the Dangerous Dave old arcade classic on iPhone, iPad and Android Smartphone – Dangerous Dave 1990’s computer arcade classic Mario like game phone Application

Thursday, April 27th, 2017

Dangerous_Dave_1990-entry-game-screen-computer-mario-like-game

I still remember the good old times with my 16 Bit Desktop Personal Computer Parvetz 8086 CPU where one of the most favourite games I used to play a computer substitute for Mario for DOS operation system was Dangerous Dave 2 (DDAVE.EXE) an arcade game classic game from the distant year 1990 authored by a whiz kid which later become world famous Computer game Programmer John Romero mostly known for being a cofounder of Game creation comppany ID Software  which authored the 3D Shooter genesis classics such as Wolfenstein 3D, Spear of Destiny, DOOM I and DOOM II HeXen I / II, QUAKE I,  QUAKE II, QUAKE II as well as some absolute arcade classics as Commander Keen 4 🙂

As John Romero shared himsef the game is actually inspired by Super Mario Bros so he decided to create a kinda of computer remake of the game in his teenage years and he did a great job yeah 🙂

There are similarities between Super Mario and Dangerous Dave as both have  the secret levels, the level design, the monsters, and the jump all around collecting cups with a final aim to end up in the level exit door.

The game was originally developed for Apple II and later reworked and ported to DOS and because of it is immerse popularity Dave 2, 3 and 4 come out short

The game is really awesome and worths all praise, I was nicely surprised to find out Dangerous Dave amazing game is available for Iphone 5, 5S and Iphone 6 right into Appstore

Here is the awesome Dangerous DAVE Iphone port description:

"Dave is a redneck on a rampage to reclaim his stolen trophies from the town bully, Clyde! Dangerous Dave is back in his classic adventure in the Deserted Pirate's Hideout. This recreation of the original 1990 DOS game is just as action-packed and difficult as the original! There are only 10 levels, but, wow, are they hard. "

Dangerous_Dave-level-2-computer-Mario-like-old-arcade-game-classic

I have to say the game controls are pretty much amazing and the game controls even though reimplemented on the Iphone touch screen device are truly amazing so gameplay resembles pretty much the Computer original game keyboard controls and in a sense the touch screen controls are a little bit more convenient.

The iOS Dave port is pretty nice and updated version is also available which is possible to be chosen on Game entry screen so you either play classic mode or you play the Dave in the Deserted pirated hideout updated version and sound Dave remake, below is a screenshot of the updated GUI version:

Dangerous_Dave-in-the-deserted-pirate-hideout-updated-dave-gui-mario-like-computer-arcade-classic-game

Dave in the deserted pirate hideout Updated GUI shot by Alfonso Romero – level 1

Dangerous_Dave_mario-like-computer-classic-arcade-jump-and-run-ios-dave-in-the-deserted-pirates-hideout

Dave in the deserted pirate hideout Updated GUI shot by Alfonso Romero – level 2

Dangerous_Dave_Computer_like_Mario-high-level-computer-classic-arcade==

Actually Dangerous Dave is also available for Android Smartphone devices even though the controllers suck a lot compared to the Iphone version if you happen to own an Android OS phone check here 

For those who don't own an Iphone or Android SmartPhone (lucky you) you can also play Dangerous Dave online via DOSBox Web emulation from this URL

Dangerous_Dave-computer-classic-game-now-for-iphone-level5-screenshot

For those who prefer to play Dangerous Dave as a standalone desktop application as in the good old times on Windows 7 / 8, 8.1 and Windows 10 both on 32 and 64 bits platform you can download it (as of moment of writting article) from here

A mirrored version of Dangerous Dave for Windows 7/8/10 on pc-freak.net in case if it disappears in future check here.

Our generation people born in 1983-1986 who are now about 33 years old has grown up with this game and I'm pretty sure if you happen to be one of those people will truly enjoy to replay the quick 10 game levels and remind the fuzzy computer arcade games age when every growing kid like me was obsessed with the idea to play and complete as much as games possible with countless nights in front of the Green and Black screen and later on SVGA screens geeking on and on loosing idea of time and space and being completely sunk by the game.

Dangerous_Dave_Level-9-classic-old-school-arcade-mario-like-game

Happy gaming ! 🙂

Remove string line from file on Linux and BSD – Delete entire line with string from file

Tuesday, March 15th, 2016

linux-remove-lines-containing-string-with-sed

If you're already used too using grep -v "sometring" filename to print everything from a file without the certain grepped string output and you want to do the same to delete lines based on strings without having to output the grepped string to a file and then overwritting the original file:
 

grep -v 'whatever' filename > filename1
mv filename1 filename


A much better way to delete an whole line containing a string match from a file is to use sed
sed
should be the tool of choice especially if you're scripting because sed is especially made for such batch edittings.

Here is how to do delete an entire line based on a given string:

 

sed –in-place '/some string to search and delete/d' myfilename


It might be a good idea to also create backups just to make sure something doesn't get deleted incidently to do use:

sed –in-place=.bak '/some string to search and delete/d' myfilename

If you need to wipe out an exact string from all files within a folder you might use a for loop or perl (some good examples check my previous article here)

In short to use bash's for loop here is how to backup and remove all lines with a string match within all files within a Linux directory:

 

for f in *.txt; do sed –in-place '/some string/d'
"$f"; done
find -name '*.txt' -exec sed –in-place=.bak '/some
string/d' "{}" ';'

 

BTW SED is really rich editor and some people got so much into it that there is even a sed written text (console) version of arkanoid 🙂

sed-text-editor-written-arkanoid-game-linux-bsd

If you want to break the ice and get some fun in your boring sysadmin life get sed arkanoid code from here.
I have it installed under pc-freak.net free ASCII Games entertainment service, so if you want to give it a try just login and give a try.

Enjoy 🙂

Use mac PC built-in camera to make / take pictures on Mac OS X macbookair notebook with Photo Booth

Friday, February 26th, 2016

take-picture-or-video-with-built-in-camera-on-MacOSX-PhotoboothLOGO

It seems we lost our Good high quality Digital Camera somewhere and I was in need urgently to make a good quality photo (my ZTE Phone) has a very bad camera, so I got the idea to use Macbookair's camera as it has better
resolution to picture my present a  Tank Tort 🙂 hand made by my wife as a present for the Day of the Defender of the Fatherland which is a major feast in Russia, Belarus and many of the ex-Soviet Union members communist countries.

Actually using build in camare in MacBookAir is a handy thing for people mising at the moment a good high quality digital camera as it is thin and light and build in MacBook cam can be used to make Videos and Pictures exactly the same way
as an ordinary Tablet Computer is used so commonly nowadays by many:

In other words I needed for the Mac OS X equivalent to Cheese's (Photo and Video) capturer program for Linux.

Luckily for people interested in using their Mac OS notebook as a amateur camera this is easy by using default shipped Mac Application called:

Photo Booth app

To Launch Photo Booth app it just look it up in Finder and double click it:

PhotoBooth-how-to-take-photos-on-macosx

Clicking the large red button underneath the preview area will take a picture after an optional countdown.

Tort Tank of Svetka

Besides being able to capture Video and Pictures from Mac's camera it could add also some nice effects to taken pictures and videos (supports a basic video editing) features and effects.

The effects you can choose are are: Sepia, Black and White, Glow, Comic Book, Normal, Colored Pencil, Thermal Camera, X-Ray, and Pop Art. There are also effects that change the person in the picture using these effects: Bulge, Dent, Twirl, Squeeze, Mirror, Light Tunnel, Fish Eye, and Stretch. Actually  photographic filters of Photo Booth are very similar to Adobe Photoshop.

make-picture-on-mac-photobooth-effects-screenshot
By default Photo Booth will create picture, howver

Photo Booth saves your photos as JPEG files in a folder named Photo Booth, located in your home folder.

Choose File > Reveal in Finder

to see your picture files.

A much better way to be able to easily see and access all taken Pictures and Videos with Photo Booth is to

 

open Terminal

 

and type:

——-
 

 

$ cd Pictures
$ ln -s Photo\ Booth\ Library/Pictures/ PhotoBoothPics


This will make Link to pictures be easily accessible from your Finder -> Pictures folder
 
Applying custom photo backgrounds

A very useful feature of Photo Booth is that the user can apply backdrops to provide an effect similar to a green screen. When a backdrop is selected, a message appears telling the user to step away from the camera. Once the background is analyzed, the user steps back in front of the camera and is shown in front of the chosen backdrop.

For people who prefer to take photos using a console program on Mac OS I guess you should take a look at ffpeg
Here is one more snapshot of the Tort Tank snapshot made with the Macbookair of Svetlana 🙂

Tort Tank


P.S. If you like the Tort Tank and you happen to live in Sofia Bulgaria, you can order it  by dropping me a comment with request 🙂

Enjoy ! 🙂

Adding another level of security to your shared Debian Linux webhosting server with SuPHP

Tuesday, April 7th, 2015

suphp_improve-apache-security-protect-against-virus-internal-server-infections-suphp-webserver-logo

There are plenty of security schemes and strategies you can implement if you're a Shared Web Hosting company sysadmin however probably the most vital one is to install on Apache + PHP Webserver SuPHP module.

# apt-cache show suphp-common|grep -i descrip -A 4

Description: Common files for mod suphp Suphp consists of an Apache module (mod_suphp for either Apache 1.3.x or Apache 2.x) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter to the owner of the php script.

So what SuPHP actuall  does is to run separate CPanel / Kloxo etc. Users with separate username and groupid permissions coinciding with the user present in /etc/passwd , /etc/shadow files existing users, thus in case if someone hacks some of the many customer sites he would be able to only write files and directories under the user with which the security breach occured.

On servers where SuPHP is not installed, all  systemusers are using the same UserID / GuID to run PHP executable scripts under separate domains Virtualhost which are coinciding with Apache (on Debian / Ubuntu  uid, gid – www-data) or on (CentOS / RHEL / Fedora etc. – user apache) so once one site is defaced  exploited by a worm all or most server websites might end up infected with a Web Virus / Worm which will be trying to exploit even more sites of a type running silently in the background.  This is very common scenarios as currently there are donezs of PHP / CSS / Javasripts / XSS vulnerability exploited on VPS and Shared hosting servers due to failure of a customer to update his own CMS  scripts / Website  (Joomla, Wordpress, Drupal etc.) and the lack of resource to regularly monitor all customer activities / websites.

Therefore installing SuPHP Apache module is essential one to install on new serverslarge hosting providers as it saves the admin a lot of headache from spreading malware across all hosted servers sites ..
Some VPS admins that are security freaks tend to also install SuPHP module together with many chrooted Apache / LiteSpeed / Nginx webservers each of which running in a separate Jailed environment.

Of course using SuPHP besides giving a improved security layer to the webserver has its downsides such as increased load for the server and making Apache PHP scripts being interpretted a little bit slower than with plain Apache + PHP but performance difference while running a site on top of SuPHP is often not so drastic so you can live it up ..

Installing SuPHP on a Debian / Ubuntu servers is a piece of cake, just run the as root superuser, usual:
 

# apt-get install libapache2-mod-suphp


Once installed only thing to make is to turn off default installed Apache PHP module (without SuPHP compiled support and restart Apache webserver):
 

# a2dismod php5 …

# /etc/init.d/apache2 restart


To test the SuPHP is properly working on the Apache Webserver go into some of many hosted server websites DocumentRoot

And create new file called test_suphp.php with below content:

# vim test_suphp.php
<?php
system('id');
?>

Then open in browser http://whatever-website/test_suphp.php assuming that system(); function is not disabled for security reasons in php.ini you should get an User ID, GroupID bigger than reserved system IDs on GNU / Linux e.g. ID > UID / GID 99

Its also a good idea to take a look into SuPHP configuration file /etc/suphp/suphp.conf and tailor options according to your liking 

If different hosted client users home directories are into /home directory, set in suphp.conf

;Path all scripts have to be in

docroot=/home/


Also usually it is a good idea to set 

umask=0022 

WordPress Security: Fix WordPress wp-config.php improper permissions to protect your sites from Database password steal / Website deface

Thursday, March 12th, 2015

wordpress-security-Fix-wordpress-wp-config-improper-permissions-to-protect-your-sites-from-Database-pass-steal
Keeping WordPress Site / Blog and related installed plugins up-to-date
is essential to prevent an attacker to hack into your Site / Database and deface your site, however if you're a company providing shell access from Cpanel / Plesk / Kloxo Panel to customers often customers are messing up permissions leaving important security credential files such as wp-config.php (which is storing user / pass credentials about connection to MySQL / PostgreSQL to have improper permissions and be world readable e.g. have permissions such as 666 or 777 while in reality the WordPress recommended permissions for wp-config.php is 600. I will skip here to explain in details difference between file permissions on Linux as this is already well described in any Linux book, however I just will recommend for any Share hosting Admin where Wordperss is hosted on Lighttpd / Apache Webserver + Some kind of backend database to be extra cautious.

Hence it is very useful to list all your WordPress sites on server wp-config.php permissions with find like this:

 

find /  -iname 'wp-config.php' -print1;

 

I find it a generally good practice to also automatically set all wp-config.php permissions to 600 (6= Read / Write  permissions only for File Owner  user 0 = No permissions for All groups, 0 = No Permissions for all non-owner users)

If find command output gives you some file permissions such as:
 

ls -al /var/www/wordpress-bak/wp-config.php
-rw-rw-rw- 1 www-data www-data 2654 jul 28  2009 wp-config.php

 

E.g. file permission has 666 permissions (Readable for all users), then it is wise to fix this with:
 

chmod 600 /var/www/wordpress-bak/wp-config.php


It is generally a very good practice to run also a chmod 600 to each and every found wp-config.php file on server:
 

find /  -iname 'wp-config.php' -print1 -exec chmod 600 '{}' \;


Above command will also print each file to whcih permission is set to Read / Write for Owner (this si done with -print1 option).

It is a good practice for shared hosting server to always configure a root cronjob to run above find chmod command at least once daily (whenever server hosts 50 – 100 wordpress+ more sites).
 

crontab -u root -l | { cat; echo “05 03 * * * find /  -iname 'wp-config.php' -print1 -exec chmod 600 '{}' \; } | crontab – 


If you don't have the 600 permissions set for all wp-config.php files this security "backdoor" can be used by any existing non-root user to be read and to break up (crack)  in your database and even when there are Deface bot-nets involved to deface all your hosted server wordpress sites.

One of my servers with wordpress has just recently suffered with this little but very important security hole due to a WordPress site directory backup  with improper permissions which allowed anyone to enter MySQL database, so I guess there are plenty of servers with this hidden vulnerability silently living.

Many thanks to my dear friend (Dimitar PaskalevNomen for sharing with me about this vulnerability! Very important note to make here is admins who are using some security enhancement modules such as SuPHP (which makes Apache webserver to run Separate Website instances with different user), should be careful with his set all wp-config.php modules to Owner, as it is possible the wp-config.php owner change to make customer WP based websites inaccessible.

Another good security measure to  protect your server WordPress based sites from malicious theme template injections (for both personal own hosted wordpress based blog / sites or a WordPress hosting company) is to install and activate WordPress Antivirus plugin.

How to stop / start services in boot time and install / remove / update SuSE SLES (Suse Enterprise Linux Server)?

Friday, February 6th, 2015

Suse-Logo-stop-start-services-on-linux-boot-time-howto-chkconfig
If you're long time Linux sysadmin but you haven't need to adminster SuSE Linux still and your company buys other business / company which already owns some SuSE servers and you need to deal with them, even though you're just starting up with SuSE Linux but you had already plenty of experience with other Linux distributions Fedora / RHEL / CentOS, don't worry set up / stop / start a service (daemon) to boot on Linux boot time is just the same as any other Redhat (RPM) Linux based distributions. it is done by multiple shell scripts located in /etc/init.d directory which can be manually stopped start by issuing the script with an argument e.g
 

suse:/etc/init.d# cd /etc/init.d/
suse:/etc/init.d# ./snmpd 
Usage: ./snmpd {start|stop|try-restart|restart|force-reload|reload|status}


To configure how each of the /etc/init.d/ existent service boots you can the use good old /sbin/chkconfig (a script written in perl) – which you already know from Fedora / CentOS and other RPM distros.

1. Get a list of all enabled on boot SuSE Linux services

To get a list of all set up to run on boot SuSE server services with chkconfig:

 

suse:/etc/init.d# /sbin/chkfong –list 

Makefile                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
OVCtrl                    0:off  1:off  2:off  3:on   4:on   5:on   6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
Tivoli_lcfd1              0:off  1:off  2:on   3:on   4:off  5:on   6:off
Tivoli_lcfd1.bkp          0:off  1:off  2:off  3:off  4:off  5:off  6:off
aaeventd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
acpid                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
alsasound                 0:off  1:off  2:on   3:on   4:off  5:on   6:off
apache2-eis               0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
auditd                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
autofs                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
autoyast                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off  B:on
cron                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
dbus                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
earlykbd                  0:off  1:off  2:off  3:off  4:off  5:on   6:off
earlysyslog               0:off  1:off  2:off  3:off  4:off  5:on   6:off
esound                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
evms                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
fbset                     0:off  1:on   2:on   3:on   4:off  5:on   6:off
firstboot                 0:off  1:off  2:off  3:off  4:off  5:off  6:off
fixperms                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
gpm                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
gssd                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
gwproxy                   0:off  1:off  2:on   3:on   4:off  5:on   6:off
haldaemon                 0:off  1:off  2:off  3:on   4:off  5:on   6:off
hp-health                 0:off  1:off  2:on   3:on   4:on   5:on   6:off
hp-ilo                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
hp-snmp-agents            0:off  1:off  2:on   3:on   4:on   5:on   6:off
hpsmhd                    0:off  1:off  2:off  3:on   4:on   5:on   6:off
idmapd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
ipmi                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
ipmi.hp                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
irq_balancer              0:off  1:on   2:on   3:on   4:off  5:on   6:off
itcaIBMTivoliCommonAgent0  0:off  1:off  2:on   3:on   4:off  5:on   6:off
jboss                     0:off  1:off  2:off  3:off  4:off  5:off  6:off
joystick                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
kadmind                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
kbd                       0:off  1:on   2:on   3:on   4:off  5:on   6:off  S:on
kdump                     0:off  1:off  2:off  3:off  4:off  5:off  6:off
kpropd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
krb524d                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
krb5kdc                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
ldap                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
lm_sensors                0:off  1:off  2:off  3:off  4:off  5:off  6:off
lw_agt                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
mdadmd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
microcode                 0:off  1:on   2:on   3:on   4:off  5:on   6:off  S:on
multipathd                0:off  1:off  2:off  3:off  4:off  5:off  6:off
mysql                     0:off  1:off  2:off  3:off  4:off  5:off  6:off
network                   0:off  1:off  2:on   3:on   4:off  5:on   6:off
nfs                       0:off  1:off  2:off  3:on   4:off  5:on   6:off
nfsboot                   0:off  1:off  2:off  3:on   4:off  5:on   6:off
nfsserver                 0:off  1:off  2:off  3:off  4:off  5:off  6:off
nohup.out                 0:off  1:off  2:off  3:off  4:off  5:off  6:off
novell-zmd                0:off  1:off  2:off  3:off  4:off  5:off  6:off
nscd                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
ntp                       0:off  1:off  2:on   3:on   4:off  5:on   6:off
openct                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
opsware-agent             0:off  1:off  2:off  3:on   4:on   5:on   6:off
osddownt                  0:off  1:off  2:off  3:on   4:on   5:on   6:off
ovpa                      0:on   1:off  2:on   3:on   4:off  5:on   6:off
pcscd                     0:off  1:off  2:off  3:off  4:off  5:off  6:off
pctl                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
portmap                   0:off  1:off  2:off  3:on   4:off  5:on   6:off
postfix                   0:off  1:off  2:off  3:on   4:off  5:on   6:off
powerd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
powersaved                0:off  1:off  2:off  3:off  4:off  5:off  6:off
random                    0:off  1:off  2:on   3:on   4:off  5:on   6:off
raw                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
resmgr                    0:off  1:off  2:on   3:on   4:off  5:on   6:off
rpasswdd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
rpmconfigcheck            0:off  1:off  2:off  3:off  4:off  5:off  6:off
rrdtools                  0:off  1:off  2:off  3:on   4:off  5:on   6:off
rsyncd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
saslauthd                 0:off  1:off  2:off  3:off  4:off  5:off  6:off
skeleton.compat           0:off  1:off  2:off  3:off  4:off  5:off  6:off
slurpd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
smartd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
smpppd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
snmpd                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
splash                    0:off  1:on   2:on   3:on   4:off  5:on   6:off  S:on
splash_early              0:off  1:off  2:on   3:on   4:off  5:on   6:off
sshd                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
suseRegister              0:off  1:off  2:off  3:off  4:off  5:off  6:off
svcgssd                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
syslog                    0:off  1:off  2:on   3:on   4:off  5:on   6:off
sysstat                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
tecad_logfile             0:off  1:off  2:off  3:on   4:off  5:on   6:off
tomcat55                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
tomcat_eis                0:off  1:off  2:off  3:off  4:off  5:off  6:off
tpmgwproxy.sh             0:off  1:off  2:on   3:on   4:off  5:on   6:off
uc4_smgrp                 0:off  1:off  2:off  3:on   4:off  5:on   6:off
uc4_smgrq1                0:off  1:off  2:off  3:on   4:off  5:on   6:off
xbis-ldap-tool            0:off  1:off  2:off  3:off  4:off  5:off  6:off
xdm                       0:off  1:off  2:off  3:off  4:off  5:on   6:off
xfs                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
xinetd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
ypbind                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
xinetd based services:
        chargen:            off
        chargen-udp:        off
        daytime:            off
        daytime-udp:        off
        echo:               off
        echo-udp:           off
        netstat:            off
        rsync:              off
        servers:            off
        services:           off
        systat:             off
        time:               off
        time-udp:           off

 

2. Stop / Disable a service in all Linux boot runlevels or in a concrete one

As you should know already in Linux there are multiple runlevels in which server can boot, under normal circumstances SuSE servers (as of time of writting) this article boots into runlevel 3, if you'r'e  unsure about the runlevel you can check it with runlevel command:
 

 suse:/etc/init.d# /sbin/runlevel
N 3

To stop a service on all possible boot runlevels – 1,2,3,4,5
 

suse:/etc/init.d# /sbin/chkconfig xinetd off


If you want to stop xinetd or any other service just for certain runlevels (lets say run-level 3,4,5):
 

suse:/etc/init.d# chkconfig –level 345 xinetd off

 

3. Start / Enable a service for a runlevel or all boot levels 1,2,3,4,5

To disable boot.apparmor on all boot runlevels –  kernel enhancement that enabled to set a limited set of resources for services (good for tightened security, but often creating issues with some external server configured services).
 

suse:/etc/init.d# chkconfig boot.apparmor off


Or for single boot modes again with –level option:
 

suse:/etc/init.d# chkconfig –level 345 boot.apparmor off

 

suse:/etc/init.d# chkconfig xfs off 


4. SuSE Linux Package management zypper console tool

If you need / wonder how to install /remove / update a service on a SuSE Linux server, take a look at zypper tool.
zypper is  a  command-line  interface to ZYPP system management library.

To install a package / service with zypper the syntax is very much like yum, for example:
 

suse: ~# zypper install vim -emacs

 


will remove emacs editor and install Vi Improved

The equivalent of yum -y  Fedora command in SuSE Enterprise Linux is –non-interactive option

 

suse:~# zypper –non-interactive install

 

In SuSE it is pretty annoying when you're asked for accepting licensing on some proprietary (external vendor) non-free software packages to get around this:
 

suse:~# zypper patch –auto-agree-with-licenses


To keep the SuSE server up2date – i.e. SLES equivalent of CentOS's yum update && yum upgrade

 

suse:~# zypper list-patches
Loading repository data…
Reading installed packages…
 
Repository                          | Name      | Version | Category | Status
————————————+———–+———+———-+——-
Updates for openSUSE 11.3 11.3-1.82 | lxsession | 2776    | security | needed

 

 

 

suse:~# zypper patch-check
Loading repository data…
Reading installed packages…
5 patches needed (1 security patch)


To look for a certain package with Zypper (equivalent of yum search packagename)

suse: ~# zypper search apache


To verify whether an RPM installed package dependecies are OK:
 

suse:~# zypper verify


The equivalent of Fedora yum update command in SuSE (SLES) are:

suse:~# zypper refresh


To force a complete refresh and rebuild of the database, including a forced download of raw metadata.
 

suse:~# zypper refresh -fdb

 


For people that are used to ncurses (midnight commander) like text interface you can also use yoast2 (text GUI) package manager:
 

suse:~# yoast2


update-linux-suse-server-with-yoast2-ncurses-package-text-gui-management-tool

If a package is messed you can always go back and use good old RPM (Redhat Package Manager) to solve it.

 

Disable Bluetooth on CentOS / RHEL (Redhat) / Fedora Linux servers – Disable hidd bluetooth devices

Thursday, January 29th, 2015

Disable_Bluetooth_on_CentOS_RHEL_Redhat_Fedora_Linux_servers_-_Disable_hidd_bluetooth_devices-logo

Bluetooth protocol on Linux is nice to have (supported) on Linux Desktop systems to allow easy communication wth PDAs, Tablets, Mobiles, Digital Cameras etc, However many newly purchased dedicated servers comes with Bluetooth support enabled which is a service rarely used, thus it is a good strong server security / sysadmin practice to remove the service supporting Blueetooth (Input Devices) on Linux hosts this is the hidd (daemon) service, besides that there are few Linux kernel modules to enable bluetooth support and removing it is also a very recommended practice while configuring new Production servers. 

Leaving Blueetooth enabled on Linux just takes up memory space and  potentially is a exposing server to possible security risk (might be hacked) remotely. 
Thus eearlier I've blogged on how bluetooth is disabled on Debian / Ubuntu Linux servers an optimization tuning (check) I do on every new server I have to configure, since administrating both RPM and Deb Linux distributions I usually also remove bluetooth hidd service support on every CentOS / RHEL / Fedora Linux – redhat  (where it is installed), here is how :

 

1. Disable Bluetooth in CentOS / RHEL Linux


a) First check whether hidd service is running on server:
 

[root@centos ~]# ps aux |grep -i hid
… 


b) Disable bluetooth services
 

[root@centos ~]# /etc/init.d/hidd stop
[root@centos ~]# chkconfig hidd off
[root@centos ~]# chkconfig bluetooth off
[root@centos ~]# /etc/init.d/bluetooth off


c) Disable any left Bluetooth kernel module (drivers), not to load on next server boot
 

[root@centos ~]# echo 'alias net-pf-31 off' >> /etc/modprobe.conf


If you don't need or intend to use in future server USBs it is also a good idea to disable USBs as well:
 

[root@centos ~]# lsmod|grep -i hid
usbhid                 33292  0
hid                    63257  1 usbhid
usbcore               123122  4 usb_storage,usbhid,ehci_hcd


[root@centos ~]# echo 'usbhid' >> /etc/modprobe.d/blacklist.conf
[root@centos ~]# echo 'hid' >> /etc/modprobe.d/blacklist.conf
[root@centos ~]# echo 'usbcore' >> /etc/modprobe.d/blacklist.conf

 

2. Disable Bluetooth on Fedora Linux

Execute following:
 

[hipo@fedora ~]# /usr/bin/sudo systemctl stop bluetooth.service
[hipo@fedora ~]# /usr/bin/sudo systemctl disable bluetooth.service

 
3. Disable Bluetooth on Gentoo / Slackware and other Linuces

An alternative way to disable bluetooth that should work across all Linux distributions / versions is:
 

[root@fedora ~]# su -c 'yum install rfkill'
[root@fedora ~]# su -c 'vi /etc/rc.d/rc.local'


Place inside, something like (be careful not to overwrite something, already execution on boot):
 

#!/bin/sh
rfkill block bluetooth
exit 0


4. Disable any other unnecessery loaded service on boot time

It is a good idea to also a good idea to check out your server running daemons, as thoroughfully as possible and remove any other daemons / kernel modules not being used by server.

To disable all unrequired services, It is useful to get a list of all enabled services, on RedHat based server issue:

 

[root@cento ~]#  chkconfig –list |grep "3:on" |awk '{print $1}'


 A common list of services you might want to disable if you're configuring (Linux, Apache, MySQL, PHP = LAMP) like server is:
 

chkconfig anacron off
chkconfig apmd off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig cups-config-daemon off
chkconfig gpm off
chkconfig isdn off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig readahead_early off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xfs off
chkconfig ip6tables off
chkconfig avahi-daemon off
chkconfig firstboot off
chkconfig yum-updatesd off
chkconfig mcstrans off
chkconfig pcscd off
chkconfig bluetooth off
chkconfig hidd off


In most cases you can just run script like this – centos-disable_non-required_essential_services_for_lamp_server.sh.
 

Another useful check the amount of services each of the running server daemons is using, here is how:
 

ps aux | awk '{print $4"t"$11}' | sort | uniq -c | awk '{print $2" "$1" "$3}' | sort -nr


Output of memory consumption check command is here

How to read ext2 / ext3 / ext4 Linux filesystem and Mac OS X HFS+ partitions from Windows

Thursday, November 27th, 2014

access-linux-drives-filesystem-disks-from-microsoft-windows-howto-picture
If you are using a Dual-boot PC with installed M$ Windows and GNU .Linux OS storing many of your Documents / Music / Movie data on Linux's ext3 / ext4 filesystem partition  but using often also Windows PC for Professional Graphic Design or Photoshop CS5 / Coreldraw Graphics Suite X7 / 3D Studio / Adobe Drewmweaver you will certainly want to be able to mount (Map drive) as a drive Linux partitions ext3 / ext4 or Mac OS's HFS+ read / use it straight from Windows.

Below are few softs that does allow mounting Mac and Linux (Debian, Ubuntu, Fedora, SuSE etc.) partitions on Windows

1. Mapping Linux ext3 and ext4 as a Windows drive

There are number of programs that can map Linux partition as a drive / directly explore Linux FS content. Most famous (free) ones are:

  • Ext2Explore (also known as Ext2Read) – Probably best historically known Windows driver that does Linux ext FS reading 

     

     

     

    ext2explore-access-ubuntu-debian-fedora-suse-linux-from-your-windows-screenshot
     

  • Ext2FSD – Open source file system driver for Windows (2K / XP / WIN7 / WIN8 – both x86 and 64 bit arch) supports ext2 / ext3 FSs and even CIFS protocol shares over network mounts. Ext4 filesystems are supported in read only mode only. It supports many language codepage utf8, cp936, cp950 etc..- Cyrillic file names shown correctly 🙂

     

     

     

    ext2fsd-mount-linux-partitions-in-microsoft-windows-screenshot
     

  • Explore2FS – GUI explorer tool for accessing ext2 and ext3 filesystems. It runs under all versions of Windows and can read almost any ext2 and ext3 filesystem.

     

     

    explore2fs-linux-partitions-from-widnows-screenshot
     

  • Disk Internals Linux reader – A freeware tool for reading and extracting files from EXT2/EXT3/EXT4, HFS, UFS2, Reiser4, and ReiserFS partitions in Windows.

     

     

     

    disk-internals-linux-reader-2.0-screenshot-proprietary-linux-filesystem-reader-mounter-for-windows


Other useful multiplatorm Linux FS reader unfortunately proprietary one is ParagonExtFS – proprietary software having version for both Win OS and Mac (Supports also mounting Linux partitionons Mac).

Note that if you copy some files using some of above tools to Windows permissions held in Linux could screw up, so it is not a good idea to try backup Linux configuration files to Windows's partitions 🙂

2. Read Copy files from Mac OS HFS+ filesystem to Windows

Apple has Boot Camp driver package which allows Mac OS's HFS+ to be viewable from Windows.

reading-Mac-OSX-HFS-plus-partitions-from-ms-windows-with-bootcamp-driver

For people who don't intend to continuosly read data HFS+ it might be better to not load Boot Camp but use:

hfsexplorer-explorero-allowing-read-access-to-mac-osx-from-ms-windows-os

 Only problem with Boot Camp and HFSExplorer is it allows you to read data from Mac OS filesystem only read only.If you want to write to HFS+ filesystem from Windows you will need:

  • Proprietary Paragon HFS+ (or)

Disable annoying ads on Youtube in Firefox and Google Chrome – Adblock Plus

Monday, November 17th, 2014


adblock-plus-great-way-to-stop-annoying-website-advertisements
I'm not an Youtube addict but every now and then to kill some time I watch videos there usually this is 10 to 20 videos a day. Over the last few months, I've noticed Youtube video Adsense ads has increased dramatically and this is seriously breaking the overall user-experience one gets when watching videos.

Thus finally I decided to get rid of the ads and to prevent the annoyance, i've seen a hack on LifeHacker claiming to disable Youtube Ads with Javascript setting, I've tested this one but probably since 2013 when the hack was working Youtube updated, there player Ads inclusion algorithm and this Adus removal tip no longer works.

Adblock-Plus-remove-google-youtube-facebook-advertisements-and-browser-ads-firefox-chrome-plugin

Thanksfully there is an easy way to achieve that with no need for crytic commands in through developers by using the good old Adblock Plus Browser extension which besides of capable of removing standard Adsense Advertisements (showing up on almost every webpage on the internet) also removes Adsense Advertisements "embedded" into Youtube Videos is a generally one of the few recommended plugins to increase your browser security.

Installation of Adblockplus 2 is done directly from plugin website for both Firefox and Google Chrome, just click on Install button and you're done.
You don't need to do any post-configuration of Adblockplus even though for those who like to finely tune on any custom website White / Blacklisting.