Posts Tagged ‘linux distributions’

How to keep track of All User accounts executed commands, highest CPU consumers and user times on Linux

Tuesday, February 5th, 2013

Linux accounting keeping an eye on all user run commands time accounting find cpu eaters

For people interested into statistics of how Linux existing users are spending, there log in times and what kind of commands each of users is executing, take a look at acct
acct is existing on all mainstream Linux distributions is a great sysadmin tool. acct is a great tool whether you have a system where a multitude of users you don't trust has to be monitored. It is an absolutely must have for anyone willing to run, lets say  experimental honeypot or  free shell host. acct is useful for paranoid sysadmins who like to always knows what there users are running as well as in situation where some of users is suspected to be a potential cracker trying to root the host.

Below is description of acct package on Debian:

# apt-cache show acct| grep -i description -A 8
Description: The GNU Accounting utilities for process and login accounting
 GNU Accounting Utilities is a set of utilities which reports and summarizes
 data about user connect times and process execution statistics.
 .
 "Login accounting" provides summaries of system resource usage based on connect
 time, and "process accounting" provides summaries based on the commands
 executed on the system.
 .
 The 'last' command is provided by the sysvinit package and not included here.

To start using acct, just install it with usual:

# apt-get install --yes acct

(Whether on Debian / Ubuntu Linux);

On Fedora, CentOS and RHEL and other RPM based Linuxes issue;

yum --y install psacct

On deb based Linux distributions, whether acct collects statistics is controlled via:

/etc/default/acct

# cat /etc/default/acct
# Defaults for acct

# If you want to keep acct installed, but not started automatically, set this
# variable to 0. Because /etc/cron.daily/acct calls the initscript daily, it is
# not sufficient to stop acct once after booting if your machine remains up.
ACCT_ENABLE="1"

# Amount of days that the logs are kept.
ACCT_LOGGING="30"

After installed to start collecting user "process accounting" data run acct via init script;

# /etc/init.d/acct start
Turning on process accounting, file set to '/var/log/account/pacct'.
Done..

The file gathering info on system usage, CPU load, user ran commands /var/log/account/psacct is a binary and unreadable tailing it with tail -f .

On CentOS / Fedora Linux to Enable acct account statistics gathering in future boot and from present moment on do;

# chkconfig psacct on
# /etc/init.d/psacct start

1. Find out all commands executed by Linux user account (lastcomm)

Once user accounting is running to get information of every command ever executed on user shell use lastcomm cmd. For example:

# lastcomm hipo

bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.03 secs Tue Feb  5 00:20
sed                    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
uname                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
dircolors              hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
uname                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.03 secs Tue Feb  5 00:20
sed                    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
uname                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
id                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
mesg                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
verse                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
cowrand                hipo     pts/1      0.00 secs Tue Feb  5 00:20
cowsay                 hipo     pts/1      0.03 secs Tue Feb  5 00:20
cowrand           F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
head                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
tail                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
head                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
cowrand           F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
awk                    hipo     pts/1      0.00 secs Tue Feb  5 00:20
wc                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20

A lot of the initial commands shown to run on pts/1 is not actual commands, by the user but are just stuff run on user login time via /etc/bash.bashrc, /etc/profile, ~/.bashrc. ~/.bash_profile.

lastcomm displayed output from 2nd column is a special flag giving more information on how and for what purpose command was executed. In above output
F
– indicates the command run after a fork.
X – is returned if a command exit with SIGTERM (kill signal)
D – in case of generated command core dump (D is good one to look for whether checking a suspicious user profile, as it is so common exploits use core dumping to get root superuser access)
S – means the command is run with superuser privileges (this one you will see usually whether inspecting user profile of a cracker who run exploit using core dump – a lot of Ds followed by some shell code to run as superuser)

2. Get statistics on CPU use time of services (daemons) and user accounts

psacct is very handy, whether you have CPU server overloads and you have difficulty finding out what are the "CPU hungry processes". To get those use summarized accounting information tool;

# sa -m
                                     2619      31.06re       0.54cp         0avio      2907k
root                                 2448      30.19re       0.52cp         0avio      2817k
www-data                               33       0.06re       0.02cp         0avio      3687k
hipo                                   72       0.15re       0.01cp         0avio      6217k
qscand                                 11       0.36re       0.00cp         0avio      5326k
vpopmail                               48       0.25re       0.00cp         0avio      1486k
qmails                                  6       0.00re       0.00cp         0avio       968k
sshd                                    1       0.04re       0.00cp         0avio     12632k

-m (prints user summary).

3. Find all system users running certain commands

Another good use of lastcomm command is to grep over all users executed command for precise commands of interest. One very good use case is if you catch a system abuser running certain exploit or DoS tool on the host and you want to make sure no-one else on the system doesn't try running it.

# lastcomm ls
ls                     www-data __         0.00 secs Tue Feb  5 00:40
ls                     www-data __         0.00 secs Tue Feb  5 00:30
ls                     hipo     pts/7      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     www-data __         0.00 secs Tue Feb  5 00:20
ls                     root     pts/0      0.00 secs Tue Feb  5 00:10
ls                     root     pts/0      0.00 secs Tue Feb  5 00:10
ls                     www-data __         0.00 secs Tue Feb  5 00:10
 

4. Get statistics of most active system users in hours

There is one tool called ac, which is similar in what it does to last command, just like last it uses /var/log/wtmp binary log file to get its user login times stats . The difference is ac provides more and better structured user login time length info.

Its very useful if you want to have idea, which user spends most time connected to host.

$ ac -p
    sic                                  4.86
    hipo                                 4.80
    root                                25.80
    play                                 0.02

To get general info on how much overall hours all existing users spend doing stuff on node;

$ ac total 35.61

To know which days from the month users were most active:

$ ac -d
Feb 1 total 14.54
Feb 2 total 0.97
Feb 3 total 12.47
Feb 4 total 5.96
Today total 1.73

How to set password on a mysql server with no password via mysql command line interface

Monday, March 28th, 2011

Many Linux distributions’s offered MySQL server comes without a set default password, in practice you can freely login to the mysql server on a plain mysql server installation on Debian, Ubuntu or Fedora by simply issuing:

linux:~# mysql -u root
Enter password:

Pressing enter will straight let you in the mysql server. The same kind of behaviour is also probably true on BSD based and many other Unixes which have pre-installed or the option to install a new mysql server.

I remember in my past that I’ve even seen a productive mysql servers on a servers running CMS based websites which doesn’t have a root password set.

Some administrators doesn’t take the time to think about the implications of the no password mysql installation and therefore being in a hurry simply let the server without an administrator password.
This is very common for the most lame and uneducated ones. Many novice system administrators think that by installing a phpmyadmin and configuring a password on it’s web interface is equal to setting up the mysql server (daemon) a password.

Thus for all this the uneducated ones and for all those who already have noticed that their newly installed mysql server doesn’t have a password set I’ve decided to give an example how a new mysql server password can be set or how an existing mysql server pass can be changed to a new one

To make any password manipulations usually the mysql-client package does provide a very handy instrument called mysqladmin , mysqladmin has many possibilities among which is creating a new mysql server admin (root) password or changing a previously set mysql server password to a new one

1. Here is how you can set a new MySQL server password:

mysqladmin -u root 'password' YOURasddsaPASSWORDjqweHERE

2. If you need to change an already existing mysql password you need to provide just one more argument to mysqladmin:

mysqladmin -u root 'password' YOURasdfdsaNEWasddsaPASSWORD_HERE -pEnter password:

Whether the Enter password: field appears you will be required to fill in the original mysql server root password after which the password will be changed to the above string passed in to the mysqladmin command line ‘YOURasdfdsaNEWasddsaPASSWORD_HERE’

That’s all now you have either set a new password for the mysql server or have already changed your previous one.

How to record microphone input sound (only) using good old ffmpeg

Tuesday, December 25th, 2012

The good old ffmpeg, along with being able to capture sound and video from your Linux Desktop or a certain Window and Skype whatever WebCamera input is also able to record sound from both camera or embedded laptop microphone. Here is how:

# ffmpeg -f alsa -ac 2 -i pulse   -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0  -y  myVOICE.wav

This as you can see from arguments, uses GNOME's pulseaudio (audio service) and ALSA. Sound is first streamed through alsa and then the sound inflow is passed to be processed and multipled in a separate sound channel by pulseaudio. This method though said to be working fine on Ubuntu Linux is not working well on some other Linux distributions like Debian if one is using ALSA configured to use a software sound multiplexor via the so called – alsa dsnoop interface (previously I write how to use it in order to make Skype and other programs use SoundBlaster proper – article is here)

Below is the output warning I got whether trying ffmpeg with -f alsa and -i pulse arguments:

hipo@noah:~/Desktop$ ffmpeg -f alsa -ac 2 -i pulse   -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0  -y  myVOICE.wav
FFmpeg version SVN-r25838, Copyright (c) 2000-2010 the FFmpeg developers
  built on Sep 20 2011 17:00:01 with gcc 4.4.5
  configuration: --enable-libdc1394 --prefix=/usr --extra-cflags='-Wall -g ' --cc='ccache cc' --enable-shared --enable-libmp3lame --enable-gpl --enable-libvorbis --enable-pthreads --enable-libfaac --enable-libxvid --enable-postproc --enable-x11grab --enable-libgsm --enable-libtheora --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libx264 --enable-libspeex --enable-nonfree --disable-stripping --enable-avfilter --enable-libdirac --disable-decoder=libdirac --enable-libschroedinger --disable-encoder=libschroedinger --enable-version3 --enable-libopenjpeg --enable-libvpx --enable-librtmp --extra-libs=-lgcrypt --disable-altivec --disable-armv5te --disable-armv6 --disable-vis
  libavutil     50.33. 0 / 50.43. 0
  libavcore      0.14. 0 /  0.14. 0
  libavcodec    52.97. 2 / 52.97. 2
  libavformat   52.87. 1 / 52.87. 1
  libavdevice   52. 2. 2 / 52. 2. 2
  libavfilter    1.65. 0 /  1.65. 0
  libswscale     0.12. 0 /  0.14. 1
  libpostproc   51. 2. 0 / 51. 2. 0
[alsa @ 0x633160] capture with some ALSA plugins, especially dsnoop, may hang.

where concrete programs, are run which take use of OSS (Open Sound System) – an already obsolete sound architecture. By the way on current Debian / Fedora etc. Linux-es OSS is managed and played only, whether few kernel modules are already  pre-loaded, below are the ones as pasted from my Debian Squeeze:

# lsmod | grep -i oss
snd_pcm_oss            32591  0
snd_mixer_oss          12606  1 snd_pcm_oss
snd_pcm                60487  3 snd_hda_intel,snd_hda_codec,snd_pcm_oss
snd                    46526  15 snd_hda_codec_analog,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device

The oss processed sound recording from ffmpeg is not working, well on my Linux, cause I have my custom (non-Debian) native binary Firefox downloaded and installed from Firefox's website.The browser is compiled to open automatically /dev/dsp which in practice uses the above-mentioned OSS listed modules, which on their behalf when used break out the sound processed by alsa and respectively pulseaudio (those who use Linux for longer time should remember in the times of OSS only one certain sound stream was possible to be processed / played on Linux historically before ALSA come to scene to be "defacto" standard kernel sound processor. Well ofcourse firefox developers who compiled the Firefox for Linux probably was using Slackware or some other Linux distro which probably used to play sound still via OSS or maybe they compiled it so thinking OSS because of its historical importance is still supported by more Linux distributions than alsa is. I like the custom compiled Firefox to run on my Debian instead of default Debian Squeeze (IceWeasel) cause firefox.org ,Firefox version is much newer and supports better latest HTML5  as well as it includes ability to download and apply automatic updates to the latest version provided by Firefox team. However I fou

Thus for Linux users like me using latest firefox binary from firefox.org (in parallel) with opened Firefox browser to record sound from Webcam or Embedded notebook mic the obsolete OSS has to be used, here is how:

# ffmpeg -f oss -ac 2 -i /dev/dsp   -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0  -y  my-recorder-VOICE.wav

Enjoy ;)

Installing XMMS on Debian Squeeze from a Package / Installing XMMS on Debian – the debian way

Tuesday, July 17th, 2012

installing xmms on debian squeeze linux playing free software song green skin screenshot

I use Debian Linux for my desktop for quite some time; Even though there are plenty of MP3 / CD players around in Debian, I’m used to the good old XMMS, hence I often prefer to use XMMS to play my music instead of newer players like RhythmBox or audacious.
Actually audacious is not bad substitute for XMMS and is by default part of Debian but to me it seems more buggy and tends to crash during playing some music formats more than xmms ….

As most people might know, XMMS is no longer supported in almost all modern Linux distributions, so anyone using Debian, Ubuntu or other deb derivative Linux would have to normally compile it from source.
Compiling from source is time consuming and I think often it doesn’t pay back the effort. Thanksfully, though not officially supported by Debian crew XMMS still can be installed using a deb xmms prebuilt package repository kindly provided by a hacker fellow knuta.

Using the pre-build deb packages, installing xmms on new Debian installs comes to:

debian:~# echo 'deb http://www.pvv.ntnu.no/~knuta/xmms/squeeze ./' >> /etc/apt/sources.list
debian:~# echo 'deb-src http://www.pvv.ntnu.no/~knuta/xmms/squeeze ./' >> /etc/apt/sources.list
debian:~# apt-get update && apt-get -y install xmms

There are also deb xmms built for Ubuntu, so Ubuntu users could install xmms using repositories:

deb http://www.pvv.ntnu.no/~knuta/xmms/karmic ./
deb-src http://www.pvv.ntnu.no/~knuta/xmms/karmic ./
That’s all now xmms is ready to use. Enjoy 🙂

How to make screenshot in /dev/tty console on GNU / Linux – Taking picture JPEG / PNG snapshot of text console in systems without graphical environment

Monday, April 30th, 2012

I'm used to making picture screenshots in GNOME desktop environment. As I've said in my prior posts, I'm starting to return to my old habits of using console ttys for regular daily jobs in order to increase my work efficiency. In that manner of thoughts sometimes I need to take a screenshot of what I'm seeing in my physical (TTY consoles) to be able to later reuse this. I did some experimenting and this is how this article got born.

In this post, I will shortly explain how a picture of a command running in console or terminal in GNU / Linux can be made

Before proceeding to the core of the article, I will say few words on ttys as I believe they might be helpful someone.
The abbreviation of tty comes after TeleTYpewritter phrase and is dating back somewhere near the 1960s. The TTY was invented to help people with impaired eyesight or hearing to use a telephone like typing interface.

In Unix / Linux / BSD ttys are the physical consoles, where one logs in (typing in his user/password). There are physical ttys and virtual vtys in today *nixes. Today ttys, are used everywhere in a modern Unixes or Unix like operating system with or without graphical environments.
Various Linux distributions have different number of physical consoles (TTYs) (terminals connected to standard output) and this depends mostly on the distro major contributors, developers or surrounding OS community philosophy.
Most modern Linux distributions have at least 5 to 7 physical ttys. Some Linux distributions like Debian for instance as of time of writting this, had 7 active by default physical consoles.
Adding 3 more ttys in Debian / Ubuntu Linux is done by adding the following lines in /etc/inittab:
 

7:23:respawn:/sbin/getty 38400 tty7
8:23:respawn:/sbin/getty 38400 tty8
9:23:respawn:/sbin/getty 38400 tty9

On some Linux distributions like Fedora version 9 and newer ones, new ttys can no longer be added via /etc/inittab,as the RedHat guys changed it for some weird reason, but I guess this is too broad issue to discuss ….

In graphical environments ttys are called methaphorically "virtual". For instance in gnome-terminal or while connecting to a remote SSH server, a common tty naming would be /dev/pts/8 etc.

tty command in Linux and BSDs can be used to learn which tty, one is operating in.

Here is output from my tty command, issued on 3rd TTY (ALT+F3) on my notebook:
 

noah:~# tty
/dev/tty3

A tty cmd output from mlterm GUI terminal is like so:
 

hipo@noah:~$ tty/dev/pts/9

Now as mentioned few basic things on ttys I will proceed further to explain how I managed to:

a) Take screenshot of a plain text tty screen into .txt file format
b) take a (picture) JPG / PNG screenshot of my Linux TTY consoles content

1. Take screenshot of plain text tty screen into a plain (ASCII) .txt file:

To take a screenshot of tty1, tty2 and tty3 text consoles in a txt plain text format, cat + a standard UNIX redirect is all necessery:
 

noah:~# cat /dev/vcs1 > /home/hipo/tty1_text_screenshot.txt
noah:~# cat /dev/vcs2 > /home/hipo/tty2_text_screenshot.txt
noah:~# cat /dev/vcs3 > /home/hipo/tty3_text_screenshot.txt

This will dump the text content of the console into the respective files, if however you try to dump an ncurses library like text interactive interfaces you will end up with a bunch of unreadable mess.
In order to read the produced text 'shots' onwards less command can be used …
 

noah:~# less /home/hipo/tty1_text_screenshot.txt
noah:~# less /home/hipo/tty2_text_screenshot.txt
noah:~# less /home/hipo/tty3_text_screenshot.txt

2. Take picture JPG / PNG snapshot of Linux TTY console content

To take a screenshot of my notebook tty consoles I had to first install a "third party program" snapscreenshot . There is no deb / rpm package available as of time of writting this post for the 4 major desktop linux distributions Ubuntu, Debian, Fedora and Slackware.
Hence to install snapscreenshot,I had to manually download the latest program tar ball source and compile e.g.:
 

noah:~# cd /usr/local/src
noah:/usr/local/src# wget -q http://bisqwit.iki.fi/src/arch/snapscreenshot-1.0.14.3.tar.bz2
noah:/usr/local/src# tar -jxvvvf snapscreenshot-1.0.14.3.tar.bz2

noah:/usr/local/src# cd snapscreenshot-1.0.14.3
noah:/usr/local/src/snapscreenshot-1.0.14# ./configure && make && make install
Configuring…
Fine. Done. make.
make: Nothing to be done for `all'.
if [ ! "/usr/local/bin" = "" ]; then mkdir –parents /usr/local/bin 2>/dev/null; mkdir /usr/local/bin 2>/dev/null; \
for s in snapscreenshot ""; do if [ ! "$s" = "" ]; then \
install -c -s -o bin -g bin -m 755 "$s" /usr/local/bin/"$s";fi;\
done; \
fi; \
if [ ! "/usr/local/man" = "" ]; then mkdir –parents /usr/local/man 2>/dev/null; mkdir /usr/local/man 2>/dev/null; \
for s in snapscreenshot.1 ""; do if [ ! "$s" = "" ]; then \
install -m 644 "$s" /usr/local/man/man"`echo "$s"|sed 's/.*\.//'`"/"$s";fi;\
done; \
fi

By default snapscreenshot command is made to take screenshot in a tga image format, this format is readable by most picture viewing programs available today, however it is not too common and not so standartized for the web as the JPEG and PNG.
Therefore to make the text console tty snapshot taken in PNG or JPEG one needs to use ImageMagick's convert tool. The convert example is also shown in snapscreenshot manual page Example section.

To take a .png image format screenshot of lets say Midnight Commander interactive console file manager running in console tty1, I used the command:
 

noah:/home/hipo# snapscreenshot -c1 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.png

Linux text console tty mc screenshot with snapscreenshot terminal / console snapshotting program

Note that you need to have read/write permissions to the /dev/vcs* otherwise the snapscreenshot will be unable to read the tty and produce an error:
 

hipo@noah:~/Desktop$ snapscreenshot -c2 -x1 > snap.tga && convert snap.tga snap.pngGeometry will be: 1x2Reading font…/dev/console: Permission denied

To take simultaneous picture screenshot of everything contained in all text consoles, ranging from tty1 to tty5, issue:
 

noah:/home/hipo# snapscreenshot -c5 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.png

Here is a resized 480×320 pixels version of the original screenshot the command produces:

All text Consoles tty1 to tty5 merged screenshot png image with snapscreenshot taken on Debian GNU / Linux

Storing a picture shot of the text (console) screen in JPEG (JPG) format is done analogously just the convert command output extension has to be changed to jpeg i.e.:
 

noah:/home/hipo# snapscreenshot -c5 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.jpeg

I've also written a tiny wrapper shell script, to facilitate myself picture picture taking as I didn't like to type each time I want to take a screenshot of a tty the above long line.

Here is the wrapper script I wrote:
 

#!/bin/sh
### Config
# .tga produced file name
output_f_name='console-screenshot.tga';
# gets current date
cur_date=$(date +%d_%m_%Y|sed -e 's/^ *//');
# png output f name
png_f_name="console-screenshot-$cur_date.png";
### END Config
snapscreenshot -c$arg1 -x1 > $output_f_name && convert $output_f_name $png_f_name;
echo "Output png screenshot from tty1 console produced in";
echo "$PWD/$png_f_name";
/bin/rm -f $output_f_name;

You can also download my console-screenshot.sh snapscreenshot wrapper script here

The script is quite simplistic to use, it takes just one argument which is the number of the tty you would like to screenshot.
To use my script download it in /usr/local/bin and set it executable flag:
 

noah:~# cd /usr/local/bin
noah:/usr/local/bin# wget -q https://www.pc-freak.net/~bshscr/console-screenshot.sh
noah:/usr/local/bin# chmod +x console-screenshot.sh

Onwards to use the script to snapshot console terminal (tty1) type:
 

noan:~# console-screenshot.sh

I've made also mirror of latest version of snapscreenshot-1.0.14.3.tar.bz2 here just in case this nice little program disappears from the net in future times.

 

How to add extra plugins, effects, brushes and functionality to GIMP on GNU / Linux

Tuesday, February 28th, 2012

How to add extra plugins, effects brushes and functionality to GIMP on Debian and Ubuntu Linux / GIMP logo head pictureThese days, I'm playing with The GIMP. I've been a GNU / Linux, FreeBSD user for already 11 years now but as I'm doing mostly system administration and I don't have much expertise in Panting or Computer Graphical Design, I've never put much time to learn more in the interesting area of graphical design. Hence until just recently, Just until now, I've never spend time with the GIMP (GNU Image Manipulation Program) and never realized how powerful this great program is. The more I learn about GIMP functionalities and how it works the more it makes me determined to learn some basic web design 🙂

The functionality which The GIMP offers in a basic install is quite rich, however by default on most Debian and Ubuntu installations many of the great plugins which easifies the way to edit pictures is missing.

Example for a very valuable functionality which is not present with standard gimp package installed on Debian and Ubuntu are:
 

Here I will mention here few words on:

  • GIMP FX-Foundry Collection

GIMP FX-Foundry is a thoroughful collection of GIMP scripts (addon plugins), that automates many of the operations which requires a professional web design skills and gives an easy intuitive interface through which very robust "high level" graphic design can be accomplished. This additional GIMP extensions helps to create very unique design in just few simple steps, as well as gives multiple tools for the sake of easy pro design creation. For anyone looking for quick edit of images with GIMP FX-Foundry is a must have GIMP plugins extension. The script pack is located on http://gimpfx-foundry.sourceforge.net/

To install FX-Foundry scripts collection on Debian / Ubuntu / Linux Mint and other based Linux distributions:

debian:~# apt-get install --yes gimp-plugin-registry
...

gimp-plugin-registry package name is based on GIMP Plugin registry's website
. Gimp plugin registry contains many helpful design goodies 🙂

Once installed you will notice GIMP with a new menu on the main menus bar reading FX-Foundry :

GIMP Screenshot GNU Linux Debian additional FX Foundry menu

GIMP FX Foundry extensionos package contains 124 scripts for additional graphics manipulation. The collection contains less scripts than the ones provided by gimp-plugin-registry. package has 156 scripts inside.

One of the most helpful GIMP addition from the package is the inclusion of Save for Web button under:

File -> Save for Web

GIMP Save for Web menu suitable for reduced size images for HTML image producing on Debian GNU / Linux screenshot

Another very helpful .deb package which adds up to GIMP's design possibilities is gimp-data-extras .

gimp-data-extras adds 111 new GIMP Fill in Patterns , which can be used through the Blend Tool to Fill selected areas with color gradients.

To install gimp-data-extras on Debian:

debian:~# apt-get install --yes gimp-data-extras
...

Generally once installed this package will add to GIMP – an extra set of brushes, palettes, and gradients for The GIMP as you can read in the package description.

I was also quite stunned to find out the good old GIMP is capable of basic Video editting!!

On Debian and Ubuntu there is a package called gimp-gap which once installed adds an extra Video menu.

GIMP Screenshot GNU Debian linux adding GIMP extra Video editting capabilities

I've not tested the GIMP video editting capabilities yet, however I intend to learn something about it immediately when I have some free time left. You see the enormous list of Video editting possibilities GIMP obtaines with gimp-gap which btw stands for (The GIMP Animation Package).

To install gimp-gap:

debian:~# apt-get install --yes gimp-gap

I've noticed also the following list of others useful GIMP additions (mainly helpful in Web, Brochure and Logo Graphic Design) to install them:

debian:~# apt-get --yes install gimp-gmic gimp-ufraw gtkam-gimp gimp-gluas \gimp-dimage-color gimp-dds gimp-dcraw gimp-cbmplugs flegita-gimp gimp-texturize \gimp-resynthesizer gimp-lensfun gimp-gutenprint gtkam-gimp mrwtoppm-gimp

Here is the package description of the packages above command will install:

  • gimp-cbmplugs – plugins for The GIMP to import/export Commodore 64 files
  • gimp-data-extras – An extra set of brushes, palettes, and gradients for The GIMP
  • gimp-dcraw – GIMP plug-in for loading RAW digital photos
  • gimp-dds – DDS (DirectDraw Surface) plugin for the gimp
  • gimp-dimage-color – GIMP plugin to convert Minolta DiMAGE pictures to sRGB colour space
  • gimp-gap – The GIMP Animation Package
  • gimp-gluas – Lua environment plug-in for GIMP
  • gimp-gmic – GIMP plugin for GREYC's Magic Image Converter
  • gimp-gutenprint – print plugin for the GIMP
  • gimp-lensfun – Gimp plugin to correct lens distortion using the lensfun library
  • gimp-normalmap – Normal map plugin for GIMP
  • gimp-plugin-registry – repository of optional extensions for GIMP
  • gimp-resynthesizer – Gimp plugin for texture synthesis
  • gimp-texturize – generates large textures from a small sample
  • gimp-ufraw – gimp importer for raw camera images
  • flegita-gimp – Gnome Gimp scan plugin.
  • gtkam-gimp – gtkam gimp plugin to open digital camera pictures
  • mrwtoppm-gimp – GIMP-plugin to support Minolta DiMAGE 5/7/7i RAW images

Now after installing all this plugins and seeing all GIMP's power, I'm starting to wonder why are still people ranting Adobe PhotoShop is feature rich.
That's all, enjoy the great new GIMP features. Happy picture editting 😉

How to install and configure NTP Server (ntpd) to synchronize Linux server clock over the Internet on CentOS, RHEL, Fedora

Thursday, February 9th, 2012

Every now and then I have to work on servers running CentOS or Fedora Linux. Very typical problem that I observe on many servers which I have to inherit is the previous administrator did not know about the existence of NTP (Network Time Protocol) or forgot to install the ntpd server. As a consequence the many installed server services did not have a correct clock and at some specific cases this caused issues for web applications running on the server or any CMS installed etc.

The NTP Daemon is existing in GNU / linux since the early days of Linux and it served quite well so far. The NTP protocol has been used since the early days of the internet and for centuries is a standard protocol for BSD UNIX.

ntp is available in I believe all Linux distributions directly as a precompiled binary and can be installed on Fedora, CentOS with:

[root@centos ~]# yum install ntp

ntpd synchronizes the server clock with one of the /etc/ntp.conf defined RedHat NTP list

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

To Synchronize manually the server system clock the ntp CentOS rpm package contains a tool called ntpdate :
Hence its a good practice to use ntpdate to synchronize the local server time with a internet server, the way I prefer to do this is via a government owned ntp server time.nist.gov, e.g.

[root@centos ~]# ntpdate time.nist.gov
8 Feb 14:21:03 ntpdate[9855]: adjust time server 192.43.244.18 offset -0.003770 sec

Alternatively if you prefer to use one of the redhat servers use:

[root@centos ~]# ntpdate 0.rhel.pool.ntp.org
8 Feb 14:20:41 ntpdate[9841]: adjust time server 72.26.198.240 offset 0.005671 sec

Now as the system time is set to a correct time via the ntp server, the ntp server is to be launched:

[root@centos ~]# /etc/init.d/ntpd start
...

To permanently enable the ntpd service to start up in boot time issue also:

[root@centos ~]# chkconfig ntpd on

Using chkconfig and /etc/init.d/ntpd cmds, makes the ntp server to run permanently via the ntpd daemon:

[root@centos ~]# ps ax |grep -i ntp
29861 ? SLs 0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g

If you prefer to synchronize periodically the system clock instead of running permanently a network server listening (for increased security), you should omit the above chkconfig ntpd on and /etc/init.d/ntpd start commands and instead set in root crontab the time to get synchronize lets say every 30 minutes, like so:

[root@centos ~]# echo '30 * * * * root /sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd

The time synchronization via crontab can be also done using the ntpdate cmd. For example if you want to synchronize the server system clock with a network server every 5 minutes:

[root@centos ~]# crontab -u root -e

And paste inside:

*/5 * * * * /sbin/ntpdate time.nist.gov 2>1 > /dev/null

ntp package is equipped with ntpq Standard NTP Query Program. To get very basic stats for the running ntpd daemon use:

[root@centos ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
======================================================
B1-66ER.matrix. 192.43.244.18 2 u 47 64 17 149.280 41.455 11.297
*ponderosa.piney 209.51.161.238 2 u 27 64 37 126.933 32.149 8.382
www2.bitvector. 132.163.4.103 2 u 1 64 37 202.433 12.994 13.999
LOCAL(0) .LOCL. 10 l 24 64 37 0.000 0.000 0.001

The remote field shows the servers to which currently the ntpd service is connected. This IPs are the servers which ntp uses to synchronize the local system server clock. when field shows when last the system was synchronized by the remote time server and the rest is statistical info about connection quality etc.

If the ntp server is to be run in daemon mode (ntpd to be running in the background). Its a good idea to allow ntp connections from the local network and filter incoming connections to port num 123 in /etc/sysconfig/iptables :

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -s 127.0.0.1 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -s 0.0.0.0 -m state --state NEW -p udp --dport 123 -j DROP

Restrictions on which IPs can be connected to the ntp server can also be implied on a ntpd level through /etc/ntp.conf. For example if you would like to add the local network IPs range 192.168.0.1/24 to access ntpd, in ntpd.conf should be added policy:

# Hosts on local network are less restricted.
restrict 192.168.0.1 mask 255.255.255.0 nomodify notrap

To deny all access to any machine to the ntpd server add in /etc/ntp.conf:

restrict default ignore

After making any changes to ntp.conf , a server restart is required to load the new config settings, e.g.:

[root@centos ~]# /sbin/service ntpd restart

In most cases I think it is better to imply restrictions on a iptables (firewall) level instead of bothering change the default ntp.conf

Once ntpd is running as daemon, the server listens for UDP connections on udp port 123, to see it use:

[root@centos ~]# netstat -tulpn|grep -i ntp
udp 0 0 10.10.10.123:123 0.0.0.0:* 29861/ntpd
udp 0 0 80.95.28.179:123 0.0.0.0:* 29861/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 29861/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 29861/ntpd

 

RafKill Raptor Free Software (Open Source) clone for GNU/Linux

Saturday, January 28th, 2012

I've earlier blogged on playing Apogee's Raptor Shadows of Death arcade on GNU / Linux with dosbox

All the old school raptor addicts will be interested to hear Kazzmir (Jon Rafkind) a free software devotee developer has created a small game resembling many aspects of the original Raptor arcade game.
The game is called Rafkill and is aimed to be a sort of Raptor like fork/clone.
Originally the game was also named Raptor like the DOS game, however in year 2006 it was changed to current Rafkill in order to avoid legal issues with Apogee's Raptor.

The game is not anymore in active development, the latest Rafkill release is from January 2007, anyhow even for the 2012 it is pretty entertaining. The sound and music are on a good level for a Linux / BSD shoot'em'up free software game . The graphics are not of a top quality and are too childish, but this is normal, since the game is just one man masterpiece.

Rafkill Level 1 Debian GNU/Linux

Rafkill is developed in C/C++ programming language, the game music engine it uses is called DUMB (Dynamic Universal Bibliotheque). By the way DUMB library is used for music engine in many Linux arcade games. DUMB allows the Linux game developer to develop his game and play a music files within different game levels in "tracked" formats like mod, s3m, xm etc.

The game is available in compiled form for almost all existent GNU/Linux distributions, as well as one can easily port it as it is open source.

To install Rafkill on Debian, Ubuntu, Xubuntu and Linux Mint en other Debian based distros

root@debian:~# apt-get install rafkill

Installing on Fedora and other rpm based is with yum

debian:~# apt-get install rafkill
...

Once rafkill is installed, in order to start it on Debian the only way is using the rafkill (/usr/bin/rafkill) command. It appears the deb package maintainer did not wrote a gnome launcher file like for example /usr/share/applications/rafkill.desktop
Just to explain for all the GNOME noobs, the .desktop files are a description file GNOME reads in order to understand where exactly to place certain application in the (Gnome Applications, Places, System …) menu panel.

Even though it miss the .desktop, it is launchable via Applications menu under the Debian section e.g. to open it from the GNOME menus you will have to navigate to:

Applications -> Debian -> Games -> Action -> Rafkill

This "shortcut" to launch the game is quite long and hard to remember thus it is handy to directly launch it via xterm:

hipo@debian:~$ rafkill

Rafkill raptor like native Linux game main menu screenshot Debian GNU / Linux Squeeze

or by pressing ALT+F2 and typing rafkill :

Rafkill Linux game gnome launcher screenshot

Rafkill Debian Linux Level 5 power weaponscreenshot

Starting the game I got some really ugly choppy music / sound issues.
My guess was the fizzling sounds were caused by some bug with the sound portions streamed through pulseaudio sound system.
To test if my presume is correct, stopped pulseaudio and launched rafkill once again:

hipo@debian:~$ pulseaudio -k
hipo@debian:~$ rafkill

This way the game was counting on ALSA to process sound en the sound was playing perfectly fine.

I solved this problem through small wrapper shell script. The script did kill pulseaudio before launching rafkill and that way solve gchoppy sound issues, once the game execution is over the script starts pulseaudio again in order to prevent all other applications working with pulseaudio.

Finally, I've placed the executable script in /usr/bin/rafkill :

Here is the script:

#!/bin/bash
pulseaudio --kill
/usr/games/rafkill
pulseaudio --start

You can download rafkill.wrapper.sh here
Or write in root terminal:

debian:~# cd /usr/bin
debian:/usr/bin:# wget https://www.pc-freak.net/bshscr/rafkill.wrapper.sh
debian:/usr/bin:# mv https://www.pc-freak.net/bshscr/rafkill.wrapper.sh rafkill
debian:/usr/bin:# chmod +x rafkill

Interesting in Ubuntu Linux, rafkill music is okay and I suppose the bug is also solved in newer Linux distributions based on Ubuntu. Probably the Debian Squeeze pulseaudio (0.9.21-4) package version has a bug or smth..

After the change the game music will be playing fine and the game experience is cooler. The game is hard to play. Its really nice the game has game Saves, so once you die you don't have to start from level 1.

Rafkill Load menu screenshot

  I've seen rafkill rolling around on freebsd.org ftps under the ubuntu packages pool, which means rafkill could probably be played easily on FreeBSD and other BSDs.

Enjoy the cool game 😉