Posts Tagged ‘linux distributions’
Tuesday, February 5th, 2013
For people interested in statistics on how existing Linux users spend their login time and what kind of commands each user is executing, take a look at acct.
acct exists on all mainstream Linux distributions and is a great sysadmin tool. It is especially useful when you have a system where a multitude of users you don't trust has to be monitored. It is an absolute must-have for anyone willing to run, let's say, an experimental honeypot or a free shell host. acct is useful for paranoid sysadmins who always like to know what their users are running, as well as in situations where some user is suspected to be a potential cracker trying to root the host.
Below is the description of the acct package on Debian:
# apt-cache show acct| grep -i description -A 8
Description: The GNU Accounting utilities for process and login accounting
GNU Accounting Utilities is a set of utilities which reports and summarizes
data about user connect times and process execution statistics.
.
"Login accounting" provides summaries of system resource usage based on connect
time, and "process accounting" provides summaries based on the commands
executed on the system.
.
The 'last' command is provided by the sysvinit package and not included here.
To start using acct, just install it with the usual:
# apt-get install --yes acct
(on Debian / Ubuntu Linux);
On Fedora, CentOS, RHEL and other RPM based Linuxes issue:
# yum -y install psacct
On deb based Linux distributions, whether acct collects statistics is controlled via:
/etc/default/acct
# cat /etc/default/acct
# Defaults for acct
# If you want to keep acct installed, but not started automatically, set this
# variable to 0. Because /etc/cron.daily/acct calls the initscript daily, it is
# not sufficient to stop acct once after booting if your machine remains up.
ACCT_ENABLE="1"
# Amount of days that the logs are kept.
ACCT_LOGGING="30"
Once installed, to start collecting user "process accounting" data, start acct via its init script:
# /etc/init.d/acct start
Turning on process accounting, file set to '/var/log/account/pacct'.
Done..
The file gathering info on system usage, CPU load and commands run by users, /var/log/account/pacct, is binary and is unreadable when tailed with tail -f.
On CentOS / Fedora Linux, to enable acct accounting statistics gathering on future boots and from the present moment on, do:
# chkconfig psacct on
# /etc/init.d/psacct start
1. Find out all commands executed by Linux user account (lastcomm)
Once user accounting is running, to get information on every command ever executed in a user's shell use the lastcomm command. For example:
# lastcomm hipo
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.03 secs Tue Feb 5 00:20
sed hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
uname hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
dircolors hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
uname hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.03 secs Tue Feb 5 00:20
sed hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
uname hipo pts/1 0.00 secs Tue Feb 5 00:20
bash F hipo pts/1 0.00 secs Tue Feb 5 00:20
id hipo pts/1 0.00 secs Tue Feb 5 00:20
mesg hipo pts/1 0.00 secs Tue Feb 5 00:20
verse hipo pts/1 0.00 secs Tue Feb 5 00:20
cowrand hipo pts/1 0.00 secs Tue Feb 5 00:20
cowsay hipo pts/1 0.03 secs Tue Feb 5 00:20
cowrand F hipo pts/1 0.00 secs Tue Feb 5 00:20
head hipo pts/1 0.00 secs Tue Feb 5 00:20
tail hipo pts/1 0.00 secs Tue Feb 5 00:20
head hipo pts/1 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
cowrand F hipo pts/1 0.00 secs Tue Feb 5 00:20
awk hipo pts/1 0.00 secs Tue Feb 5 00:20
wc hipo pts/1 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
A lot of the initial commands shown as run on pts/1 are not actual commands typed by the user, but are just things run at user login time via /etc/bash.bashrc, /etc/profile, ~/.bashrc, ~/.bash_profile.
The 2nd column of lastcomm's output is a special flag giving more information on how and for what purpose the command was executed. In the above output:
F – indicates the command ran after a fork.
X – is returned if a command exited with SIGTERM (kill signal)
D – is set in case the command generated a core dump (D is a good one to look for when checking a suspicious user profile, as it is common for exploits to use core dumping to get root superuser access)
S – means the command was run with superuser privileges (this one you will usually see when inspecting the user profile of a cracker who ran an exploit using core dumps – a lot of Ds followed by some shell code run as superuser)
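The flag column described above can be triaged per user with a short filter. This is an added example, not part of the original post; the function names and the sample records are constructed for illustration, and the line layout is assumed to match the lastcomm listings on this page.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumed line layout, as in the lastcomm listings above:
#   command [flags] user tty N.NN secs <weekday month day time>
# The flag column is blank for most commands, so after whitespace splitting
# the user is not always field 3. Fields are located relative to "secs".

# Reads lastcomm output on stdin and prints, sorted by user:
#   user <core dumps (D)> <superuser (S)> <killed by signal (X)>
# Only users with at least one D, S or X flagged command are listed.
lastcomm_flag_summary() {
    awk '
    {
        secs = 0
        # search from the right so a command named "secs" cannot confuse us
        for (i = NF; i >= 1; i--) if ($i == "secs") { secs = i; break }
        if (secs < 5) next                 # header, blank or foreign line
        user  = $(secs - 3)
        flags = (secs >= 6) ? $(secs - 4) : ""
        if (flags !~ /^[SFCDX]+$/) flags = ""   # not a flag column after all
        if (flags ~ /D/) d[user]++
        if (flags ~ /S/) s[user]++
        if (flags ~ /X/) x[user]++
        if (flags ~ /[DSX]/) seen[user] = 1
    }
    END {
        for (u in seen) printf "%s %d %d %d\n", u, d[u], s[u], x[u]
    }' | sort
}

# Constructed sample records (not real accounting data).
sample_lastcomm() {
    cat <<'EOF'
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
segv-test          DX  guest    pts/3      0.01 secs Tue Feb  5 00:21
segv-test          DX  guest    pts/3      0.01 secs Tue Feb  5 00:21
passwd            S    guest    pts/3      0.00 secs Tue Feb  5 00:22
cron              SF   root     __         0.00 secs Tue Feb  5 00:25
ls                     www-data __         0.00 secs Tue Feb  5 00:30
EOF
}

sample_lastcomm | lastcomm_flag_summary
```

On a live host the same function is fed with `lastcomm | lastcomm_flag_summary`; a non-root user with both core dumps and superuser-flagged commands is the pattern the flag descriptions above single out for a closer look.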
2. Get statistics on CPU use time of services (daemons) and user accounts
psacct is very handy when you have CPU server overloads and you have difficulty finding out which are the "CPU hungry processes". To find those, use the summarized accounting information tool sa:
# sa -m
2619 31.06re 0.54cp 0avio 2907k
root 2448 30.19re 0.52cp 0avio 2817k
www-data 33 0.06re 0.02cp 0avio 3687k
hipo 72 0.15re 0.01cp 0avio 6217k
qscand 11 0.36re 0.00cp 0avio 5326k
vpopmail 48 0.25re 0.00cp 0avio 1486k
qmails 6 0.00re 0.00cp 0avio 968k
sshd 1 0.04re 0.00cp 0avio 12632k
-m (prints user summary).
3. Find all system users running certain commands
Another good use of the lastcomm command is to search across all users' executed commands for precise commands of interest. One very good use case is if you catch a system abuser running a certain exploit or DoS tool on the host and you want to make sure no one else on the system tries running it.
# lastcomm ls
ls www-data __ 0.00 secs Tue Feb 5 00:40
ls www-data __ 0.00 secs Tue Feb 5 00:30
ls hipo pts/7 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
ls hipo pts/1 0.00 secs Tue Feb 5 00:20
ls www-data __ 0.00 secs Tue Feb 5 00:20
ls root pts/0 0.00 secs Tue Feb 5 00:10
ls root pts/0 0.00 secs Tue Feb 5 00:10
ls www-data __ 0.00 secs Tue Feb 5 00:10
4. Get statistics of most active system users in hours
There is one tool called ac, which is similar in what it does to the last command; just like last, it uses the /var/log/wtmp binary log file to get its user login time stats. The difference is that ac provides more and better structured info on user login time length.
It's very useful if you want to have an idea of which user spends the most time connected to the host.
$ ac -p
sic 4.86
hipo 4.80
root 25.80
play 0.02
To get general info on how many hours overall all existing users spent on the node:
$ ac
total 35.61
To know on which days of the month users were most active:
$ ac -d
Feb 1 total 14.54
Feb 2 total 0.97
Feb 3 total 12.47
Feb 4 total 5.96
Today total 1.73
Monday, March 28th, 2011
The MySQL server offered by many Linux distributions comes without a default password set; in practice you can freely log in to the mysql server on a plain mysql server installation on Debian, Ubuntu or Fedora by simply issuing:
linux:~# mysql -u root
Enter password:
Pressing enter will let you straight into the mysql server. The same kind of behaviour is probably also true on BSD based and many other Unixes which have a pre-installed mysql server or the option to install a new one.
I remember that in the past I've even seen production mysql servers, on servers running CMS based websites, which didn't have a root password set.
Some administrators don't take the time to think about the implications of a no-password mysql installation and therefore, being in a hurry, simply leave the server without an administrator password.
This is very common for the most lame and uneducated ones. Many novice system administrators think that installing phpmyadmin and configuring a password on its web interface is equal to setting a password on the mysql server (daemon).
Thus for all the uneducated ones, and for all those who have already noticed that their newly installed mysql server doesn't have a password set, I've decided to give an example of how a new mysql server password can be set or how an existing mysql server password can be changed to a new one.
For password manipulations the mysql-client package provides a very handy instrument called mysqladmin. mysqladmin has many capabilities, among which is creating a new mysql server admin (root) password or changing a previously set mysql server password to a new one.
1. Here is how you can set a new MySQL server password:
mysqladmin -u root 'password' YOURasddsaPASSWORDjqweHERE
2. If you need to change an already existing mysql password, you need to provide just one more argument to mysqladmin:
mysqladmin -u root 'password' YOURasdfdsaNEWasddsaPASSWORD_HERE -p
Enter password:
When the Enter password: prompt appears you will be required to fill in the original mysql server root password, after which the password will be changed to the string passed on the mysqladmin command line, 'YOURasdfdsaNEWasddsaPASSWORD_HERE'.
That's all; now you have either set a new password for the mysql server or changed your previous one.
Tuesday, December 25th, 2012
The good old ffmpeg, along with being able to capture sound and video from your Linux desktop, a certain window, Skype or whatever web camera input, is also able to record sound from either the camera or the embedded laptop microphone. Here is how:
# ffmpeg -f alsa -ac 2 -i pulse -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 -y myVOICE.wav
As you can see from the arguments, this uses GNOME's pulseaudio (audio service) and ALSA. Sound is first streamed through alsa and then the sound inflow is passed to be processed and multiplexed in a separate sound channel by pulseaudio. This method, though said to be working fine on Ubuntu Linux, does not work well on some other Linux distributions like Debian if one is using ALSA configured to use a software sound multiplexer via the so-called alsa dsnoop interface (I previously wrote how to use it in order to make Skype and other programs use SoundBlaster properly – article is here)
Below is the output warning I got when trying ffmpeg with the -f alsa and -i pulse arguments:
hipo@noah:~/Desktop$ ffmpeg -f alsa -ac 2 -i pulse -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 -y myVOICE.wav
FFmpeg version SVN-r25838, Copyright (c) 2000-2010 the FFmpeg developers
built on Sep 20 2011 17:00:01 with gcc 4.4.5
configuration: --enable-libdc1394 --prefix=/usr --extra-cflags='-Wall -g ' --cc='ccache cc' --enable-shared --enable-libmp3lame --enable-gpl --enable-libvorbis --enable-pthreads --enable-libfaac --enable-libxvid --enable-postproc --enable-x11grab --enable-libgsm --enable-libtheora --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libx264 --enable-libspeex --enable-nonfree --disable-stripping --enable-avfilter --enable-libdirac --disable-decoder=libdirac --enable-libschroedinger --disable-encoder=libschroedinger --enable-version3 --enable-libopenjpeg --enable-libvpx --enable-librtmp --extra-libs=-lgcrypt --disable-altivec --disable-armv5te --disable-armv6 --disable-vis
libavutil 50.33. 0 / 50.43. 0
libavcore 0.14. 0 / 0.14. 0
libavcodec 52.97. 2 / 52.97. 2
libavformat 52.87. 1 / 52.87. 1
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.65. 0 / 1.65. 0
libswscale 0.12. 0 / 0.14. 1
libpostproc 51. 2. 0 / 51. 2. 0
[alsa @ 0x633160] capture with some ALSA plugins, especially dsnoop, may hang.
where concrete programs are run which make use of OSS (Open Sound System) – an already obsolete sound architecture. By the way, on current Debian / Fedora etc. Linuxes OSS sound is handled and played only when a few kernel modules are already pre-loaded; below are the ones as pasted from my Debian Squeeze:
# lsmod | grep -i oss
snd_pcm_oss 32591 0
snd_mixer_oss 12606 1 snd_pcm_oss
snd_pcm 60487 3 snd_hda_intel,snd_hda_codec,snd_pcm_oss
snd 46526 15 snd_hda_codec_analog,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
The oss processed sound recording from ffmpeg is not working well on my Linux, because I have my custom (non-Debian) native binary Firefox downloaded and installed from Firefox's website. The browser is compiled to automatically open /dev/dsp, which in practice uses the above-listed OSS modules, which in turn, when used, break the sound processed by alsa and respectively pulseaudio (those who have used Linux for a longer time should remember that in the times of OSS only one sound stream could be processed / played on Linux at a time, before ALSA came onto the scene to become the "de facto" standard kernel sound processor). Well, of course the firefox developers who compiled Firefox for Linux were probably using Slackware or some other Linux distro which probably still played sound via OSS, or maybe they compiled it so thinking that OSS, because of its historical importance, is still supported by more Linux distributions than alsa is. I like running the custom compiled Firefox on my Debian instead of the default Debian Squeeze one (IceWeasel) because the firefox.org Firefox version is much newer and has better support for the latest HTML5, and it also includes the ability to download and apply automatic updates to the latest version provided by the Firefox team. However I fou
Thus for Linux users like me, using the latest firefox binary from firefox.org, to record sound from a webcam or embedded notebook mic in parallel with an opened Firefox browser the obsolete OSS has to be used. Here is how:
# ffmpeg -f oss -ac 2 -i /dev/dsp -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 -y my-recorder-VOICE.wav
Enjoy ;)
Tuesday, July 17th, 2012
I have used Debian Linux for my desktop for quite some time. Even though there are plenty of MP3 / CD players around in Debian, I'm used to the good old XMMS, hence I often prefer to use XMMS to play my music instead of newer players like RhythmBox or audacious.
Actually audacious is not a bad substitute for XMMS and is by default part of Debian, but to me it seems more buggy and tends to crash while playing some music formats more than xmms ….
As most people might know, XMMS is no longer supported in almost all modern Linux distributions, so anyone using Debian, Ubuntu or another deb derivative Linux would normally have to compile it from source.
Compiling from source is time consuming and I think it often doesn't pay back the effort. Thankfully, though not officially supported by the Debian crew, XMMS can still be installed using a prebuilt xmms deb package repository kindly provided by a hacker fellow, knuta.
Using the pre-built deb packages, installing xmms on new Debian installs comes down to:
debian:~# echo 'deb http://www.pvv.ntnu.no/~knuta/xmms/squeeze ./' >> /etc/apt/sources.list
debian:~# echo 'deb-src http://www.pvv.ntnu.no/~knuta/xmms/squeeze ./' >> /etc/apt/sources.list
debian:~# apt-get update && apt-get -y install xmms
There are also xmms debs built for Ubuntu, so Ubuntu users can install xmms using the repositories:
deb http://www.pvv.ntnu.no/~knuta/xmms/karmic ./
deb-src http://www.pvv.ntnu.no/~knuta/xmms/karmic ./
That’s all now xmms is ready to use. Enjoy 🙂
Monday, April 30th, 2012
I'm used to making picture screenshots in the GNOME desktop environment. As I've said in my prior posts, I'm starting to return to my old habits of using console ttys for regular daily jobs in order to increase my work efficiency. In that line of thought, sometimes I need to take a screenshot of what I'm seeing in my physical (TTY) consoles to be able to reuse it later. I did some experimenting and this is how this article was born.
In this post, I will briefly explain how a picture of a command running in a console or terminal in GNU / Linux can be made.
Before proceeding to the core of the article, I will say a few words on ttys as I believe they might be helpful to someone.
The abbreviation tty comes from the phrase TeleTYpewriter and dates back to somewhere near the 1960s. The TTY was invented to help people with impaired eyesight or hearing to use a telephone-like typing interface.
In Unix / Linux / BSD ttys are the physical consoles where one logs in (typing in a user name and password). There are physical ttys and virtual vtys in today's *nixes. Today ttys are used everywhere in modern Unixes or Unix-like operating systems, with or without graphical environments.
Various Linux distributions have a different number of physical consoles (TTYs) (terminals connected to standard output), and this depends mostly on the philosophy of the distro's major contributors, developers or surrounding OS community.
Most modern Linux distributions have at least 5 to 7 physical ttys. Some Linux distributions, like Debian for instance, as of the time of writing this had 7 physical consoles active by default.
Adding 3 more ttys in Debian / Ubuntu Linux is done by adding the following lines to /etc/inittab:
7:23:respawn:/sbin/getty 38400 tty7
8:23:respawn:/sbin/getty 38400 tty8
9:23:respawn:/sbin/getty 38400 tty9
On some Linux distributions like Fedora version 9 and newer, new ttys can no longer be added via /etc/inittab, as the RedHat guys changed it for some weird reason, but I guess this is too broad an issue to discuss ….
In graphical environments ttys are called metaphorically "virtual". For instance in gnome-terminal, or while connected to a remote SSH server, a common tty name would be /dev/pts/8 etc.
The tty command in Linux and BSDs can be used to learn which tty one is operating in.
Here is the output from my tty command, issued on the 3rd TTY (ALT+F3) on my notebook:
noah:~# tty
/dev/tty3
tty command output from the mlterm GUI terminal looks like so:
hipo@noah:~$ tty
/dev/pts/9
Now that a few basic things on ttys have been mentioned, I will proceed to explain how I managed to:
a) Take a screenshot of a plain text tty screen into .txt file format
b) Take a (picture) JPG / PNG screenshot of my Linux TTY consoles' content
1. Take screenshot of plain text tty screen into a plain (ASCII) .txt file:
To take a screenshot of the tty1, tty2 and tty3 text consoles in plain text format, cat plus a standard UNIX redirect is all that is necessary:
noah:~# cat /dev/vcs1 > /home/hipo/tty1_text_screenshot.txt
noah:~# cat /dev/vcs2 > /home/hipo/tty2_text_screenshot.txt
noah:~# cat /dev/vcs3 > /home/hipo/tty3_text_screenshot.txt
This will dump the text content of the console into the respective files; if however you try to dump ncurses-like interactive text interfaces you will end up with a bunch of unreadable mess.
To read the produced text 'shots' afterwards, the less command can be used …
noah:~# less /home/hipo/tty1_text_screenshot.txt
noah:~# less /home/hipo/tty2_text_screenshot.txt
noah:~# less /home/hipo/tty3_text_screenshot.txt
2. Take picture JPG / PNG snapshot of Linux TTY console content
To take a screenshot of my notebook tty consoles I first had to install a "third party program", snapscreenshot. There is no deb / rpm package available as of the time of writing this post for the 4 major desktop Linux distributions Ubuntu, Debian, Fedora and Slackware.
Hence to install snapscreenshot, I had to manually download the latest program source tarball and compile it, e.g.:
noah:~# cd /usr/local/src
noah:/usr/local/src# wget -q http://bisqwit.iki.fi/src/arch/snapscreenshot-1.0.14.3.tar.bz2
noah:/usr/local/src# tar -jxvvvf snapscreenshot-1.0.14.3.tar.bz2
…
noah:/usr/local/src# cd snapscreenshot-1.0.14.3
noah:/usr/local/src/snapscreenshot-1.0.14# ./configure && make && make install
Configuring…
Fine. Done. make.
make: Nothing to be done for `all'.
if [ ! "/usr/local/bin" = "" ]; then mkdir --parents /usr/local/bin 2>/dev/null; mkdir /usr/local/bin 2>/dev/null; \
for s in snapscreenshot ""; do if [ ! "$s" = "" ]; then \
install -c -s -o bin -g bin -m 755 "$s" /usr/local/bin/"$s";fi;\
done; \
fi; \
if [ ! "/usr/local/man" = "" ]; then mkdir --parents /usr/local/man 2>/dev/null; mkdir /usr/local/man 2>/dev/null; \
for s in snapscreenshot.1 ""; do if [ ! "$s" = "" ]; then \
install -m 644 "$s" /usr/local/man/man"`echo "$s"|sed 's/.*\.//'`"/"$s";fi;\
done; \
fi
By default the snapscreenshot command takes screenshots in the tga image format. This format is readable by most picture viewing programs available today, however it is not as common or as standardized for the web as JPEG and PNG.
Therefore to get the text console tty snapshot in PNG or JPEG one needs to use ImageMagick's convert tool. The convert example is also shown in the Example section of the snapscreenshot manual page.
To take a .png format screenshot of, let's say, the Midnight Commander interactive console file manager running in console tty1, I used the command:
noah:/home/hipo# snapscreenshot -c1 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.png
Note that you need to have read/write permissions on /dev/vcs*, otherwise snapscreenshot will be unable to read the tty and will produce an error:
hipo@noah:~/Desktop$ snapscreenshot -c2 -x1 > snap.tga && convert snap.tga snap.png
Geometry will be: 1x2
Reading font…
/dev/console: Permission denied
To take a simultaneous picture screenshot of everything contained in all text consoles, ranging from tty1 to tty5, issue:
noah:/home/hipo# snapscreenshot -c5 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.png
Here is a resized 480×320 pixels version of the original screenshot the command produces:
Storing a picture shot of the text (console) screen in JPEG (JPG) format is done analogously; just the output extension of the convert command has to be changed to jpeg, i.e.:
noah:/home/hipo# snapscreenshot -c5 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.jpeg
I've also written a tiny wrapper shell script to make taking pictures easier for myself, as I didn't like typing the above long line each time I want to take a screenshot of a tty.
Here is the wrapper script I wrote:
#!/bin/sh
### Config
# .tga produced file name
output_f_name='console-screenshot.tga';
# gets current date
cur_date=$(date +%d_%m_%Y|sed -e 's/^ *//');
# png output f name
png_f_name="console-screenshot-$cur_date.png";
### END Config
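# the first script argument is passed to snapscreenshot -c (defaults to 1)
arg1="${1:-1}";
snapscreenshot -c"$arg1" -x1 > "$output_f_name" && convert "$output_f_name" "$png_f_name";
echo "Output png screenshot from tty1 console produced in";
echo "$PWD/$png_f_name";
/bin/rm -f "$output_f_name";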
You can also download my console-screenshot.sh snapscreenshot wrapper script here
The script is quite simple to use; it takes just one argument, which is the number of the tty you would like to screenshot.
To use my script, download it to /usr/local/bin and set its executable flag:
noah:~# cd /usr/local/bin
noah:/usr/local/bin# wget -q https://www.pc-freak.net/~bshscr/console-screenshot.sh
noah:/usr/local/bin# chmod +x console-screenshot.sh
Afterwards, to use the script to snapshot the console terminal (tty1), type:
noah:~# console-screenshot.sh 1
I've also made a mirror of the latest version, snapscreenshot-1.0.14.3.tar.bz2, here just in case this nice little program disappears from the net in the future.
Friday, August 13th, 2010
If you want to improve your internet privacy by tor-ifying your ICQ and MSN network traffic, do the following:
1. Install tor server
debian:~# apt-get install tor
2. Install the polipo caching proxy
debian:~# apt-get install polipo
3. Download the polipo configuration from torproject.org and overwrite the default one with it
This is necessary in order to have polipo adapted to work with tor, so issue the following commands:
debian:~# cd /etc/polipo
debian:~# wget https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf
debian:~# mv config config.bak
debian:~# mv polipo.conf config
4. Restart polipo for the new config settings to take effect
debian:~# /etc/init.d/polipo restart
Make sure that in your /etc/tor/torrc you have the following two torrc directives:
debian:~# vim /etc/tor/torrc
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
5. Start up the tor server if it's not already started
debian:~# /etc/init.d/tor restart
6. Install pidgin if you haven’t got it installed already
debian:~# apt-get install pidgin
8. Start up the recently installed pidgin multi-protocol instant messenger
hipo@debian:~$ pidgin &
If you already previously properly installed and configured version of pidgin.
9. In the pidgin messenger make the following changes to configure it to proxy traffic via tor
In your existing ICQ / MSN pidgin account navigate to:
- Accounts -> Manage Accounts
- Under Protocol ICQ
- click Modify..
- Now go to Proxy
The default Proxy setting in Debian Sid/Squeeze would be Use GNOME Proxy Settings, however in other Linux distributions or *BSD it could be either No Proxy or some other setting.
- Now substitute whatever option is chosen with SOCKS 5
- In the below data input field with a name Host: type 127.0.0.1
- For the Port: field box type the port 9050
You specify local proxy port 9050 because this is the default port on which we previously configured polipo to proxy traffic to tor's anonymity network.
The settings for tor tunneling of traffic for Protocol MSN are analogous to those for the ICQ Protocol, so I won't repeat myself on that.
This described tor tunneling for ICQ and MSN traffic should be applicable to other IM protocols under the same logic.
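Since pidgin is pointed at 127.0.0.1:9050, it is worth confirming that the SOCKS listener from the torrc step is reachable from localhost only. The check below is an added example, not part of the original post; the function names and sample addresses are constructed, and it also covers tor's `SocksPort address:port` form in addition to the SocksListenAddress directive shown above.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Reads a torrc on stdin and prints every SocksPort / SocksListenAddress line
# that binds the SOCKS listener to a non-loopback address.
# Returns 0 when the listener is local-only, 1 when something is exposed.
torrc_exposed_socks() {
    awk '
    function is_local(v) {
        return (v ~ /^127\./ || v ~ /^localhost(:|$)/ || v ~ /^\[::1\]/ || v ~ /^unix:/)
    }
    {
        line = $0
        sub(/#.*/, "")                     # strip comments, fields are re-split
        if (NF < 2) next
        key = tolower($1); val = $2
        exposed = 0
        # old style: separate listen address, as in the torrc lines above
        if (key == "sockslistenaddress" && !is_local(val)) exposed = 1
        # newer style: SocksPort address:port (a bare port binds to localhost)
        if (key == "socksport" && val ~ /:/ && !is_local(val)) exposed = 1
        if (exposed) { print NR ": " line; found = 1 }
    }
    END { exit (found ? 1 : 0) }'
}

# Constructed sample configurations.
sample_torrc_local() {
    cat <<'EOF'
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
EOF
}
sample_torrc_exposed() {
    cat <<'EOF'
SocksPort 0.0.0.0:9050
SocksListenAddress 192.168.1.10
# SocksListenAddress 10.0.0.5
EOF
}

sample_torrc_local   | torrc_exposed_socks && echo "local only"
sample_torrc_exposed | torrc_exposed_socks || echo "SOCKS listener exposed"
```

Against a real installation run it as `torrc_exposed_socks < /etc/tor/torrc`.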
Here is the time to note that the above instructions should also be applicable to Gaim with minor changes or even without any.
Of course, because tunneling traffic via Polipo and handing it over to a tor node, which will pass traffic randomly through the different geographical locations where tor servers reside, is more time consuming, the login time to your messenger protocol of choice will vary and will be a bit longer.
The use of tor for your MSN and ICQ traffic is twofold:
1. Using the tor traffic anonymizing network will keep your anonymity on the net private
2. Using the tor online anonymity service will let you access IM servers despite firewall blocking applied by administrators in certain places, for instance (in your School or Your work env) and will therefore let you still use your favourite IM in spite of the applied firewall restrictions.
Anyways as we all know life is not perfect 🙂
Despite the slower logins and the slightly slower message transmission, at least you won't be easily traceable by third party prying eyes, administrators or any other messenger-spying traffic sniffer or logger installed somewhere between yourself and the IM server.
Hope this article helps somebody out there and will be a step further in the battle for securing your privacy online.
Friday, January 27th, 2012
By default the latest Debian GDM does not provide a way to log in using user AVATARS (like Windows does).
This is pretty strange, especially if you compare it to Ubuntu and many other Linux distributions which already have support for AVATAR login via GDM.
The reason for this is that Debian is currently shipped with an old version, gdm2, and this gdm version does not have support for clickable login avatars.
Debian looks by default like this:
Thankfully this non-user-friendly GNOME login screen behaviour can be changed by simply installing gdm3
root@debian:~# apt-get --yes install gdm3
...
This will remove the old installed gdm package as well as fast-user-switch-applet and install gdm3.
With gdm3 installed and a background configured, it will look like so:
I was quite stunned that gdm3 does not include support for themes. As far as I've spoken with some ppl in irc.freenode #gnome, the reason for this oddity is that it crashed a lot when a theme was configured.
By default the gdm2 themes are provided by a package called gdm-themes; since gdm3 does not support themes (yet), a gdm3-themes package is missing.
Tuesday, February 28th, 2012
These days, I'm playing with The GIMP. I've been a GNU / Linux and FreeBSD user for 11 years now, but as I'm mostly doing system administration and I don't have much expertise in Painting or Computer Graphical Design, I've never put much time into learning more in the interesting area of graphical design. Hence until just recently I had never spent time with the GIMP (GNU Image Manipulation Program) and never realized how powerful this great program is. The more I learn about GIMP's functionality and how it works, the more it makes me determined to learn some basic web design 🙂
The functionality which The GIMP offers in a basic install is quite rich, however by default on most Debian and Ubuntu installations many of the great plugins which ease the editing of pictures are missing.
Examples of very valuable functionality which is not present with the standard gimp package installed on Debian and Ubuntu are:
…
Here I will say a few words on:
- GIMP FX-Foundry Collection
GIMP FX-Foundry is a thorough collection of GIMP scripts (addon plugins) that automates many of the operations which require professional web design skills, and gives an easy, intuitive interface through which very robust "high level" graphic design can be accomplished. These additional GIMP extensions help to create very unique designs in just a few simple steps, as well as giving multiple tools for the sake of easy pro design creation. For anyone looking to quickly edit images with GIMP, FX-Foundry is a must-have GIMP plugin extension. The script pack is located at http://gimpfx-foundry.sourceforge.net/
To install the FX-Foundry scripts collection on Debian / Ubuntu / Linux Mint and other deb based Linux distributions:
debian:~# apt-get install --yes gimp-plugin-registry
...
The gimp-plugin-registry package name is based on the GIMP Plugin registry's website. The GIMP plugin registry contains many helpful design goodies 🙂
Once installed you will notice GIMP has a new menu on the main menu bar reading FX-Foundry:
The GIMP FX Foundry extensions package contains 124 scripts for additional graphics manipulation. The collection contains fewer scripts than the ones provided by gimp-plugin-registry; that package has 156 scripts inside.
One of the most helpful GIMP additions from the package is the inclusion of a Save for Web button under:
File -> Save for Web
Another very helpful .deb package which adds to GIMP's design possibilities is gimp-data-extras.
gimp-data-extras adds 111 new GIMP Fill in Patterns, which can be used through the Blend Tool to fill selected areas with color gradients.
To install gimp-data-extras on Debian:
debian:~# apt-get install --yes gimp-data-extras
...
Generally, once installed, this package will add to GIMP an extra set of brushes, palettes, and gradients for The GIMP, as you can read in the package description.
I was also quite stunned to find out the good old GIMP is capable of basic Video editing!!
On Debian and Ubuntu there is a package called gimp-gap which once installed adds an extra Video menu.
I've not tested the GIMP video editing capabilities yet, however I intend to learn something about it as soon as I have some free time left. You see the enormous list of Video editing possibilities GIMP obtains with gimp-gap, which btw stands for The GIMP Animation Package.
To install gimp-gap:
debian:~# apt-get install --yes gimp-gap
I've also noticed the following list of other useful GIMP additions (mainly helpful in Web, Brochure and Logo Graphic Design). To install them:
debian:~# apt-get --yes install gimp-gmic gimp-ufraw gtkam-gimp gimp-gluas \
gimp-dimage-color gimp-dds gimp-dcraw gimp-cbmplugs flegita-gimp gimp-texturize \
gimp-resynthesizer gimp-lensfun gimp-gutenprint gtkam-gimp mrwtoppm-gimp
Here are the package descriptions of the packages the above command will install:
- gimp-cbmplugs – plugins for The GIMP to import/export Commodore 64 files
- gimp-data-extras – An extra set of brushes, palettes, and gradients for The GIMP
- gimp-dcraw – GIMP plug-in for loading RAW digital photos
- gimp-dds – DDS (DirectDraw Surface) plugin for the gimp
- gimp-dimage-color – GIMP plugin to convert Minolta DiMAGE pictures to sRGB colour space
- gimp-gap – The GIMP Animation Package
- gimp-gluas – Lua environment plug-in for GIMP
- gimp-gmic – GIMP plugin for GREYC's Magic Image Converter
- gimp-gutenprint – print plugin for the GIMP
- gimp-lensfun – Gimp plugin to correct lens distortion using the lensfun library
- gimp-normalmap – Normal map plugin for GIMP
- gimp-plugin-registry – repository of optional extensions for GIMP
- gimp-resynthesizer – Gimp plugin for texture synthesis
- gimp-texturize – generates large textures from a small sample
- gimp-ufraw – gimp importer for raw camera images
- flegita-gimp – Gnome Gimp scan plugin.
- gtkam-gimp – gtkam gimp plugin to open digital camera pictures
- mrwtoppm-gimp – GIMP-plugin to support Minolta DiMAGE 5/7/7i RAW images
Now after installing all these plugins and seeing all GIMP's power, I'm starting to wonder why people are still ranting that Adobe PhotoShop is feature rich.
That's all, enjoy the great new GIMP features. Happy picture editing 😉
Thursday, February 9th, 2012 Every now and then I have to work on servers running CentOS or Fedora Linux. A very typical problem that I observe on many servers which I inherit is that the previous administrator did not know about the existence of NTP (Network Time Protocol) or forgot to install the ntpd server. As a consequence, many of the installed server services did not have a correct clock, and in some specific cases this caused issues for web applications running on the server or any CMS installed etc.
The NTP daemon has existed in GNU / Linux since the early days of Linux and it has served quite well so far. The NTP protocol has been used since the early days of the internet and for centuries is a standard protocol for BSD UNIX.
ntp is available in, I believe, all Linux distributions directly as a precompiled binary and can be installed on Fedora and CentOS with:
[root@centos ~]# yum install ntp
ntpd synchronizes the server clock with one of the RedHat NTP servers listed in /etc/ntp.conf:
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
To synchronize the server system clock manually, the ntp CentOS rpm package contains a tool called ntpdate.
Hence it's a good practice to use ntpdate to synchronize the local server time with an internet server; the way I prefer to do this is via a government owned ntp server, time.nist.gov, e.g.
[root@centos ~]# ntpdate time.nist.gov
8 Feb 14:21:03 ntpdate[9855]: adjust time server 192.43.244.18 offset -0.003770 sec
Alternatively, if you prefer to use one of the RedHat servers, use:
[root@centos ~]# ntpdate 0.rhel.pool.ntp.org
8 Feb 14:20:41 ntpdate[9841]: adjust time server 72.26.198.240 offset 0.005671 sec
Now that the system time is set to a correct time via the ntp server, the ntp server is to be launched:
[root@centos ~]# /etc/init.d/ntpd start
...
To permanently enable the ntpd service to start at boot time, also issue:
[root@centos ~]# chkconfig ntpd on
Using the chkconfig and /etc/init.d/ntpd commands makes the ntp server run permanently via the ntpd daemon:
[root@centos ~]# ps ax |grep -i ntp
29861 ? SLs 0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
If you prefer to synchronize the system clock periodically instead of permanently running a listening network server (for increased security), you should omit the above chkconfig ntpd on and /etc/init.d/ntpd start commands and instead set a cron job to synchronize the time, let's say every 30 minutes, like so:
[root@centos ~]# echo '*/30 * * * * root /sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd
The time synchronization via crontab can also be done using the ntpdate cmd. For example, if you want to synchronize the server system clock with a network server every 5 minutes:
[root@centos ~]# crontab -u root -e
And paste inside:
*/5 * * * * /sbin/ntpdate time.nist.gov > /dev/null 2>&1
The ntp package is equipped with ntpq – Standard NTP Query Program. To get very basic stats for the running ntpd daemon use:
[root@centos ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
======================================================
B1-66ER.matrix. 192.43.244.18 2 u 47 64 17 149.280 41.455 11.297
*ponderosa.piney 209.51.161.238 2 u 27 64 37 126.933 32.149 8.382
www2.bitvector. 132.163.4.103 2 u 1 64 37 202.433 12.994 13.999
LOCAL(0) .LOCL. 10 l 24 64 37 0.000 0.000 0.001
The remote field shows the servers to which the ntpd service is currently connected. These are the servers which ntp uses to synchronize the local system clock. The when field shows when the system was last synchronized by the remote time server, and the rest is statistical info about connection quality etc.
If the ntp server is to be run in daemon mode (ntpd running in the background), it's a good idea to allow ntp connections from the local network and filter incoming connections to port number 123 in /etc/sysconfig/iptables:
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -s 127.0.0.1 -m state --state NEW -p udp --dport 123 -j ACCEPT
# 0.0.0.0/0 matches any source; a bare 0.0.0.0 would match only that single address
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 123 -j DROP
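The difference between a bare 0.0.0.0 source and 0.0.0.0/0 in rules like the three above, as an added example that is not part of the original post: iptables reads an address given without a mask as /32, so the script walks a constructed copy of the rules in first-match order for three constructed source addresses and reports the verdict under each spelling. It assumes every packet is a NEW UDP packet to port 123; the function names and the FALLTHROUGH verdict (no rule matched, so later rules or the chain policy decide) are this example's own.

```shell
#!/bin/sh
# Added example: first-match walk over NTP (udp/123) rules in iptables-save syntax.
# Assumes each packet is a NEW UDP packet to port 123; only -s and -j are read.

# Dotted quad -> 32-bit integer.
ip2int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if address $1 lies inside $2 (addr or addr/len); a bare address means /32.
src_matches() {
  net=${2%/*}; len=32
  case $2 in */*) len=${2#*/} ;; esac
  if [ "$len" -eq 0 ]; then mask=0
  else mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF )); fi
  [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# Verdict for source $1 against rule text $2: target of the first matching rule,
# or FALLTHROUGH when none matches (later rules / chain policy then decide).
ntp_verdict() {
  while read -r line; do
    case $line in *"--dport 123"*) ;; *) continue ;; esac
    s=$(printf '%s\n' "$line" | sed -n 's/.*-s \([^ ]*\).*/\1/p')
    j=$(printf '%s\n' "$line" | sed -n 's/.*-j \([A-Z]*\).*/\1/p')
    if src_matches "$1" "${s:-0.0.0.0/0}"; then echo "$j"; return 0; fi
  done <<EOF
$2
EOF
  echo FALLTHROUGH
}

# Constructed rule sets: the same three rules, differing only in the DROP source.
RULES_BARE='-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -s 127.0.0.1 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -s 0.0.0.0 -m state --state NEW -p udp --dport 123 -j DROP'
RULES_ANY=$(printf '%s\n' "$RULES_BARE" | sed 's|-s 0\.0\.0\.0 |-s 0.0.0.0/0 |')

# Constructed sources: LAN host, loopback, outside host (documentation range).
for host in 192.168.1.50 127.0.0.1 203.0.113.7; do
  printf '%-13s bare 0.0.0.0: %-11s 0.0.0.0/0: %s\n' "$host" \
    "$(ntp_verdict "$host" "$RULES_BARE")" "$(ntp_verdict "$host" "$RULES_ANY")"
done
```

On a live host, `iptables -L INPUT -n -v` shows per-rule packet counters, which tell you whether the DROP rule is ever being hit.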
Restrictions on which IPs can connect to the ntp server can also be imposed on the ntpd level through /etc/ntp.conf. For example, if you would like to allow the local network IP range 192.168.0.1/24 to access ntpd, the following policy should be added in ntp.conf:
# Hosts on local network are less restricted.
restrict 192.168.0.1 mask 255.255.255.0 nomodify notrap
To deny all access from any machine to the ntpd server add in /etc/ntp.conf:
restrict default ignore
After making any changes to ntp.conf, a server restart is required to load the new config settings, e.g.:
[root@centos ~]# /sbin/service ntpd restart
In most cases I think it is better to impose restrictions on the iptables (firewall) level instead of bothering to change the default ntp.conf.
Once ntpd is running as a daemon, the server listens for UDP connections on udp port 123; to see it use:
[root@centos ~]# netstat -tulpn|grep -i ntp
udp 0 0 10.10.10.123:123 0.0.0.0:* 29861/ntpd
udp 0 0 80.95.28.179:123 0.0.0.0:* 29861/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 29861/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 29861/ntpd
Saturday, January 28th, 2012 I've earlier blogged on playing Apogee's Raptor Shadows of Death arcade on GNU / Linux with dosbox.
All the old school raptor addicts will be interested to hear that Kazzmir (Jon Rafkind), a free software devotee developer, has created a small game resembling many aspects of the original Raptor arcade game.
The game is called Rafkill and is aimed to be a sort of Raptor-like fork/clone.
Originally the game was also named Raptor like the DOS game, however in year 2006 it was changed to the current Rafkill in order to avoid legal issues with Apogee's Raptor.
The game is not in active development anymore; the latest Rafkill release is from January 2007. Anyhow, even for 2012 it is pretty entertaining. The sound and music are on a good level for a Linux / BSD shoot'em'up free software game. The graphics are not of top quality and are too childish, but this is normal, since the game is just a one-man masterpiece.
Rafkill is developed in the C/C++ programming language; the game music engine it uses is called DUMB (Dynamic Universal Bibliotheque). By the way, the DUMB library is used as a music engine in many Linux arcade games. DUMB allows the Linux game developer to develop his game and play music files within different game levels in "tracked" formats like mod, s3m, xm etc.
The game is available in compiled form for almost all existent GNU/Linux distributions, and one can easily port it as it is open source.
To install Rafkill on Debian, Ubuntu, Xubuntu, Linux Mint and other Debian based distros:
root@debian:~# apt-get install rafkill
Installing on Fedora and other rpm based distros is done with yum:
[root@fedora ~]# yum install rafkill
...
Once rafkill is installed, the only way to start it on Debian is using the rafkill (/usr/bin/rafkill) command. It appears the deb package maintainer did not write a GNOME launcher file like, for example, /usr/share/applications/rafkill.desktop
Just to explain for all the GNOME noobs, the .desktop files are description files GNOME reads in order to understand where exactly to place a certain application in the (Gnome Applications, Places, System …) menu panel.
Even though it misses the .desktop file, it is launchable via the Applications menu under the Debian section, e.g. to open it from the GNOME menus you will have to navigate to:
Applications -> Debian -> Games -> Action -> Rafkill
This "shortcut" to launch the game is quite long and hard to remember, thus it is handy to launch it directly via xterm:
hipo@debian:~$ rafkill
or by pressing ALT+F2 and typing rafkill:
Starting the game I got some really ugly choppy music / sound issues.
My guess was the fizzling sounds were caused by some bug with the sound portions streamed through the pulseaudio sound system.
To test if my presumption was correct, I stopped pulseaudio and launched rafkill once again:
hipo@debian:~$ pulseaudio -k
hipo@debian:~$ rafkill
This way the game was counting on ALSA to process sound and the sound was playing perfectly fine.
I solved this problem through a small wrapper shell script. The script kills pulseaudio before launching rafkill and that way solves the choppy sound issues; once the game execution is over, the script starts pulseaudio again in order not to break all the other applications working with pulseaudio.
Finally, I've placed the executable script in /usr/bin/rafkill:
Here is the script:
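#!/bin/bash
# Stop pulseaudio so rafkill plays its sound directly through ALSA
pulseaudio --kill
/usr/games/rafkill
# Game has exited: bring pulseaudio back for the other applications
pulseaudio --start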
You can download rafkill.wrapper.sh here
Or type in a root terminal:
debian:~# cd /usr/bin
debian:/usr/bin:# wget https://www.pc-freak.net/bshscr/rafkill.wrapper.sh
debian:/usr/bin:# mv rafkill.wrapper.sh rafkill
debian:/usr/bin:# chmod +x rafkill
Interestingly, in Ubuntu Linux the rafkill music is okay, and I suppose the bug is also solved in newer Linux distributions based on Ubuntu. Probably the Debian Squeeze pulseaudio (0.9.21-4) package version has a bug or smth..
After the change the game music will be playing fine and the game experience is cooler. The game is hard to play. It's really nice that the game has game Saves, so once you die you don't have to start from level 1.
I've seen rafkill rolling around on freebsd.org ftps under the ubuntu packages pool, which means rafkill could probably be played easily on FreeBSD and other BSDs.
Enjoy the cool game 😉