Posts Tagged ‘configure’

How to improve your web browser security – Better securing your personal identity privacy on the Net

Monday, August 2nd, 2010

Nowadays internet privacy has become a taboo. Many people do understand how vital it is to protect your privacy online.
Unfortunately, not many have done much to improve their state of security whilst on the net.
In this article you’re about to find out how trusted and secure browsing the Internet is, and along with that you will find some possible ways and thoughts on how you can improve your personal privacy and reduce the amount of information your browser reveals about you (habits, interests and lifestyle) while surfing online.
A lot of private information can leak through a simple web search. Let’s say you decide to search for some kind of sickness and its treatment: just a few minutes later the paid advertisements popping up will be targeted ads related to your previous sickness Google search.
This is a tiny bit of the information your browser reveals, however there is much, much more. So let me give you a few more examples:
Let’s say you visit a website with an Adobe Flash browser player enabled. It’s very likely that the website will have the Flash advertisements so popular these days. If that is the scenario, it’s very likely that the Flash application is built to use the so-called flash cookies.
You might have never heard about flash cookies, but anyways this kind of cookie is one of the most malicious cookies ever invented.
One of the main reasons they’re so dubious is the fact THEY NEVER EXPIRE!
As with normal cookies, flash cookies are used for storing user details, let’s say your profile details or settings concerning your YouTube video player etc., and this sounds nice, but marketing guys use the same features to track what you do online.
Using flash cookies, for instance, everybody who crafted a specific Adobe Flash page is able to list the browser history stored in your flash cookies!
To partly set up the behaviour of your Flash player and change the default Flash player settings for good, use the flashplayer settings manager

It’s really odd that the only way to configure Flash is via Adobe’s webpage. This is quite sneaky, since God only knows what kind of information, probably including your whole Flash browser history and flash cookies, is being sent to Adobe for later analysis.
Moreover, the Flash player is proprietary software, and this makes it even more likely to include some extra spying software and stuff alike.

To see all the information stored by Flash about the websites you have visited, check out:

flashplayer settings manager

Honestly I was quite shocked when I saw many websites I have visited for the last 1.5+ years listed.

Hence, since we know how “evil” Flash storage manager cookies are, one sure step to increase your browser privacy is to periodically get rid of Flash Storage (flash cookies).
To achieve a periodic flash cookies wipe-out on Linux, below I provide you with a tiny .tcsh script which is tested and working on Debian and Ubuntu: Get rid of Local Flash Storage shell script for Linux
(Local Flash Storage holds data about the websites you have visited using your browser’s Flash player.)

To check your general browser security, the Electronic Frontier Foundation has developed a special website to test your browser anonymity: visit panopticlick.eff.org and click the TEST ME button.

In my case all my installed browser plugins were listed, as well as a lot of information about what kind of browser I use, its version, the architecture I’m running on, etc.
Thereafter navigate to about:config and set the variable dom.storage.enabled to false. This will completely disable the DOM cookies, which by the way never expire!
DOM cookies aren’t so widely used yet, but it’s possible that some websites have started using them. Since they’re completely junky and badly designed (for instance, a DOM cookie can contain up to 100KB of information), it’s best that you disable them completely.
Another recommendable thing to disable on your Iceweasel / Firefox that will tighten up your security is the keyword.enabled variable: click twice on it and make sure it reads false.
Disabling it will prevent the Google word suggestions from appearing each time you type something in the Google search box, so that not every character you type will be sent to Google.

Also really worth reading is the article explaining dom cookies
Take some time and read it to get a better idea of what DOM cookies are and why you don’t want them.
Likewise take a look at Flash Cookie Forensics for a bit more insight on the flash cookies

After reading the article about flash cookies, I came to the conclusion that maybe it’s best that they’re completely enabled. Anyways, if they’re disabled then many websites won’t work properly, which is something we don’t want.
It’s rather strange that the only available way to control your Flash and disable the flash cookies is via the Flashplayer Web Based Setting Manager
Since it’s a “Web Based Manager” and it is hosted on Adobe’s web site, this probably means that everything you do through it gets logged by Adobe, not so nice (nor secure) heh ..

It’s also recommended to install and configure the following list of extra Firefox plugins to ensure a bit more anonymity while surfing the Internet.

  • Adblock Plus
  • AntiSocial
  • BeeFree
  • Beef Taco
  • BetterPrivacy
  • DownloadHelper
  • Download Statusbar
  • Live HTTP Headers
  • No FB Tracking
  • NoScript
  • RefControl

Now configure AdBlock plus to work with EasyPrivacy+EasyList (by default it works only with EasyList).
To subscribe for ABP EasyPrivacy click here

BeeFree Mozilla Addon
It is under the GNU GPL license and it helps you defend your privacy a bit more. Its advantage is that it prevents search engines from knowing which links from their search results you are most likely to check. Looks like promising and great stuff.
The add-on website says that, as a side effect, using the plugin will probably increase your browser speed.
This post has heavily adopted information from the Bulgarian article by Anton Zinoviev, 2010: About your web browser and the inviolability of your personal life
Big thanks to Anton Zinoviev for the time and effort taken to research the topic of browser security and write this wonderful, thorough article.
To configure the BeeFree Firefox security tightening browser addon you will have to type in your browser URL address bar once again
about:config
Now you will have to look up the following browser config keys:

extensions.beefree.websites.default.header.accept-charset.action
Set its value to 2, e.g. extensions.beefree.websites.default.header.accept-charset.action = 2
Now look for the key extensions.beefree.websites.default.header.accept-charset.value.text and set its value to:
*/*
Changing extensions.beefree.websites.default.header.accept-charset.value.text to */* will make BeeFree compatible with some securing anti-spam programs.
The last thing to do to complete the BeeFree configuration is to create the key extensions.beefree.website.generic.header.useragent.action
To create it, right-click (the last mouse button) on any key and select New -> Integer
The value for the newly created extensions.beefree.website.generic.header.useragent.action should be set to 4
Creating this key will instruct BeeFree to protect your browser from revealing its browser version variable.
Interestingly, each restart of the browser will make BeeFree select a random Firefox Linux or Windows version, depending on the OS type you use.

The AntiSocial addon will prevent your browser from revealing information to Facebook about your personal interests. It blocks the Facebook elements which some websites embed into your browser.

No FB Tracking stops Facebook from keeping an eye on you through the “I like” buttons. Using these buttons Facebook can track you even if you’re not logged in or registered in the social network.

Installing all these plugins will take you time, but considering that privacy is invaluable, time shouldn’t be a concern.
Also some of the plugins, like NoScript, may take some time until you’re used to them, but it’s worth learning to use them.
BetterPrivacy is able to and will delete all flash cookies when your browser exits; this will prevent sites from prying on you through the shitty flash cookies technology. This type of cookie NEVER EXPIRES! Hard to swallow but a fact …

On Linux this plugin is reported to work correctly, however on Windows there are dubious reports about it.
This is just a brief overview of how to improve your browsing privacy and therefore general personal data security. There is plenty already read and said on the topic, however I hope this could be some kind of basis for my dear reader for later research on the topic.

How to make GRE tunnel iptables port redirect on Linux

Saturday, August 20th, 2011

I’ve recently had to build a Linux server with some other servers behind the router with NAT.
One of the hosts behind the Linux router was running a Windows GRE encrypted tunnel service, which had to be accessed via the Internet IP address of the server.
In order to make the GRE tunnel accessible, a bit more than just adding a normal POSTROUTING DNAT rule and iptables FORWARD is necessary.

As far as I’ve read online, there is quite a lot of confusion on the topic of how to properly configure GRE tunnel accessibility on Linux, thus in this very quick tiny tutorial I’ll explain how I did it.

1. Load the ip_nat_pptp and ip_conntrack_pptp kernel modules

linux-router:~# modprobe ip_nat_pptp
linux-router:~# modprobe ip_conntrack_pptp

These two modules absolutely must be loaded before the remote GRE tunnel can be properly accessed. I’ve seen many people complaining online that they can’t make the GRE tunnel work, and I suppose in many of the cases the reason for not succeeding is omitting to load these two kernel modules.

2. Make the ip_nat_pptp and ip_conntrack_pptp modules load on system boot time

linux-router:~# echo 'ip_nat_pptp' >> /etc/modules
linux-router:~# echo 'ip_conntrack_pptp' >> /etc/modules

3. Insert necessary iptables PREROUTING rules to make the GRE tunnel traffic flow

linux-router:~# /sbin/iptables -t nat -A PREROUTING -d 111.222.223.224/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.3:1723
linux-router:~# /sbin/iptables -t nat -A PREROUTING -p gre -j DNAT --to-destination 192.168.1.3

The PREROUTING chain with the DNAT target lives in the nat table, hence the -t nat option. In the above example rules it’s necessary to substitute the 111.222.223.224 IP address with the external internet (real IP) address of the router.

Also the IP address of 192.168.1.3 is the internal IP address of the host where the GRE host tunnel is located.

Next it’s necessary to:

4. Add iptables rule to forward tcp/ip traffic to the GRE tunnel

linux-router:~# /sbin/iptables -A FORWARD -p gre -j ACCEPT

Finally it’s necessary to make the above iptables rules permanent by saving the current firewall with iptables-save, or by adding them inside the script which loads the iptables firewall host rules.
Another possible way is to add them from /etc/rc.local, though this is not recommended, as the rules would be added only after a successful bootup, once all the rest of the init scripts and stuff in /etc/rc.local are loaded without errors.

Afterwards access to the GRE tunnel on the local IP 192.168.1.3 using port 1723 and host IP 111.222.223.224 is possible.
Hope this is helpful. Cheers 😉

Set up Modsecurity on Debian 7 GNU / Linux to mitigate websites virus infections / Cross Site Scripting and SQL Injects

Friday, September 6th, 2013


There are plenty of tutorials around on how to install and configure modsecurity, so this tutorial is nothing new, but I decided to write it since I had to install mod_security on Debian Wheezy to protect a Debian Linux server's websites from being periodically infected with viruses / XSS / backdoored JavaScripts and Trojan horses.

Everyone who has used the Debian stable distribution knows the packages included in it are usually about 2 years older than the latest available. The situation with the latest Debian stable, Wheezy, is the same, but anyways, even a bit outdated, my experience so far is that mod_security does a great job of protecting Apache sites …

1. Install libapache-mod-security and other libraries (not obligatory, but useful on most Apache + PHP servers)

  Run the below commands to add xml and the rest of the useful Apache stuff:


apt-get install libxml2 libxml2-dev libxml2-utils
apt-get install libaprutil1 libaprutil1-dev

Above commands will install a bunch of other dependency packages.

Next install the mod-security deb. Run the below command to install and activate modsecurity. Note that installing libapache-mod-security will also automatically restart the Apache server.
 

apt-get install libapache-mod-security

Next, to enable all the functionality of modsecurity, the Apache headers module is required as well; activate it with:

 
a2enmod headers
service apache2 restart

2. Make sure mod_security Apache config looks like

 

<IfModule security2_module>
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
Include "/etc/modsecurity/*.conf"
</IfModule>

The important part of the conf is the Include "/etc/modsecurity/*.conf" line. The /etc/modsecurity directory is the main place to set up and configure modsecurity. This configuration file, combined with mod-security.load, does everything necessary to load modsecurity into the Apache server.

3. Enable and load modsecurity default configuration rules:

So far, modsecurity is loaded into the Apache server, but it isn't stopping any attempts by hack scripts / viruses / automated tools to exploit vulnerabilities in web applications. To make modsecurity start filtering requests, you should activate the modsecurity-specific configuration and load some regular expression rules.
The first thing to do is enable the "recommended" modsecurity configuration file:
 

Code:
cd /etc/modsecurity
mv modsecurity.conf-recommended modsecurity.conf

The default configuration from the recommended conf enables modsecurity in an "examine only" mode. In order to make full use of the module, we have to make a few changes. With your favorite text editor (mine is vim) open modsecurity.conf and make the following change:

Code:
SecRuleEngine On

This makes modsecurity block requests based on its (pre-written) developer rules. Other settings in this file that are useful to know about are the debug controls, which are very useful when you have to debug problems with sites not opening properly due to the server-enabled mod_security.
 

Code:
#SecDebugLog /opt/modsecurity/var/log/debug.log
#SecDebugLogLevel 3

This controls how much information is stored in modsecurity's "audit log", which keeps track of attacks launched against the server. The default debug level of 3 is pretty much and stores "everything". This is dangerous, as huge logs are produced on busy servers.
 

Code:
SecAuditLogParts ABIJDEFHZ

4. Enable extra modsecurity prevention rules

Modsecurity works by using rules with pre-defined patterns to recognize when your website/s is being probed or attacked. When the modsecurity base package is installed, the modsecurity-crs package is installed as a dependency. modsecurity-crs contains an additional free core rule set. The current Core Rule Set from modsecurity.org is newer than the version included with Wheezy, thus the rules lag a bit behind, but this is the only option when using the default Debian bundled package; otherwise a manual modsecurity recompile is required. We all know how bad it is to custom compile software on production machines, so custom compile experiments are a really bad idea.

CRS (Core Rule Set) is installed in /usr/share/modsecurity-crs. This directory contains an "activated_rules" directory, which is also present in /etc/modsecurity

The quickest way to activate rules is by symlinking the actual config and rule files into the /etc/modsecurity config directory.

We'll be making links from the /usr/share/modsecurity-crs location into /etc/modsecurity to activate some other useful modsec rules. First link the main crs config file:
 

ln -s /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf /etc/modsecurity/modsecurity_crs_10_setup.conf

This file provides some basic configuration directives for crs.

Further on, link each rule file in the base_rules and optional_rules directories using 2 tiny bash loops.
 

 
cd /usr/share/modsecurity-crs/base_rules
for f in * ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$f /etc/modsecurity/$f ; done
cd /usr/share/modsecurity-crs/optional_rules
for f in * ; do sudo ln -s /usr/share/modsecurity-crs/optional_rules/$f /etc/modsecurity/$f ; done

With that done, there's one more edit to make, to check if modsecurity blocking works as expected. Open the /etc/modsecurity/modsecurity.conf file and add the following lines at the end (this is from the free modsecurity pdf book, link provided below)
 

 
SecRule ARGS "MY_UNIQUE_TEST_STRING" \
    "phase:1,log,deny,status:503"

Finally, after all configuration rules are loaded into modsec, the usual Apache restart is required:

 
/etc/init.d/apache2 restart

If no fatal errors pop up and Apache starts normally, modsecurity should now be properly running.

5. Verify if modsecurity is set-up and kicking ass

To verify the installation, open a browser and access one of the hosted websites like this:
http://www.your-server-domain.com/?test=MY_UNIQUE_TEST_STRING

A sure sign that modsec works is a 503 "Service Temporarily Unavailable" message from Apache. Alternatively examine the server's modsec audit log file (default location /var/log/apache2/modsec_audit.log) and grep for the string MY_UNIQUE_TEST_STRING. You should see a full transcript of the communication between your browser and the server logged. Depending on the amount of traffic the site gets, make sure to monitor the size of the file for some minutes, to make sure it doesn't grow too big and quickly fill up your HDD.
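A plain grep of the audit log returns scattered lines from the middle of each transcript. The script below is an added example, not part of the original post: it walks the serial audit log section by section and prints one line (client IP, response status, request line, rule message) per intercepted transaction. The function names and the embedded two-transaction log are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise intercepted transactions in a ModSecurity serial audit log.

# modsec_sample_log: prints a CONSTRUCTED audit log (one blocked request, one
# request that only raised a warning). It is not real traffic.
modsec_sample_log() {
cat <<'EOF'
--a1b2c3d4-A--
[06/Sep/2013:10:15:32 +0300] UinJkH8AAQEAAEVuAnkAAAAA 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
GET /?test=MY_UNIQUE_TEST_STRING HTTP/1.1
Host: www.your-server-domain.com
User-Agent: curl/7.26.0

--a1b2c3d4-F--
HTTP/1.1 503 Service Temporarily Unavailable
Content-Length: 323
Connection: close

--a1b2c3d4-H--
Message: Access denied with code 503 (phase 1). Pattern match "MY_UNIQUE_TEST_STRING" at ARGS:test. [file "/etc/modsecurity/modsecurity.conf"] [line "215"]
Action: Intercepted (phase 1)

--a1b2c3d4-Z--

--e5f6a7b8-A--
[06/Sep/2013:10:16:02 +0300] UinJsn8AAQEAAEVuAnoAAAAB 198.51.100.23 40112 192.0.2.10 80
--e5f6a7b8-B--
GET /index.php?page=2 HTTP/1.1
Host: www.your-server-domain.com

--e5f6a7b8-F--
HTTP/1.1 200 OK
Content-Type: text/html

--e5f6a7b8-H--
Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [msg "Request Missing a User Agent Header"]

--e5f6a7b8-Z--
EOF
}

# modsec_blocked FILE [STRING]
# Prints "client_ip <TAB> status <TAB> request line <TAB> message" for every
# transaction whose H section says "Action: Intercepted". With STRING given,
# only transactions whose request line contains it are printed.
modsec_blocked() {
    awk -v want="${2:-}" '
    # Section boundary: --<hex transaction id>-<section letter>--
    /^--[0-9a-fA-F]+-[A-Z]--$/ {
        section = substr($0, length($0) - 2, 1)
        first = 1                      # next line is the first of this section
        if (section == "A") { ip = req = status = msg = ""; blocked = 0 }
        if (section == "Z" && blocked && (want == "" || index(req, want)))
            printf "%s\t%s\t%s\t%s\n", ip, status, req, msg
        next
    }
    first && section == "A" { ip = $4 }       # [date tz] unique_id src_ip ...
    first && section == "B" { req = $0 }      # request line
    first && section == "F" { status = $2 }   # HTTP/1.1 <status> <reason>
    { first = 0 }
    section == "H" && /^Message: Access denied/ { msg = substr($0, 10) }
    section == "H" && /^Action: Intercepted/    { blocked = 1 }
    ' "$1"
}

# Demo on the constructed log; on a server pass the real audit log path instead.
tmp=$(mktemp)
modsec_sample_log > "$tmp"
modsec_blocked "$tmp" MY_UNIQUE_TEST_STRING
rm -f "$tmp"
```

On the server from this tutorial the call would be modsec_blocked /var/log/apache2/modsec_audit.log MY_UNIQUE_TEST_STRING, run right after requesting the test URL.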

Well, now all is fine: your Apache server security is better for sure, and by God's grace you should not have to deal with hundreds of hours of site recovery after a bunch of clients' websites are hacked.

Feedback and comments are mostly welcome. Enjoy 😉

How to configure Exim to relay mail to remote SMTP server on Debian and Ubuntu

Wednesday, August 24th, 2011

I’m required to do some mail relaying on a Debian Linux host which should use a remote mail server to relay its mails.
Until now I’ve not had much experience with exim, as I prefer using qmail whenever a mail server is needed. However, since only relaying was necessary and exim is the default installed MTA on Debian, I’ve decided to use exim to take care of the SMTP mail relaying.
After a bit of reading it turned out configuring exim to relay via a remote SMTP server is more than easy!

All I had to do is run the command:

debian-relay:~# dpkg-reconfigure exim4-config

Next, in the Ncurses interface that appears:


I had to choose the option:

mail sent by smarthost; no local mail

Next a dialog appears asking for:
System mail name:
Therein it’s necessary to type in the hostname of the remote SMTP to be used for mail relay.
Next dialog asks for:
IP-addresses to listen on for incoming SMTP connections:
and I left it with 127.0.0.1, however if exim is supposed to be visible from an external network one might decide to put a real IP address there.

Pressing OK leads to the next dialog:
 Other destinations for which mail is accepted: 
I decided to leave this blank as I don’t want to accept mail for any destinations.
Next pane reads:
Visible domain name for local users:
I’ve typed inside my smtp relay server e.g.:
smtp.myrelaymail.com

Further comes:
IP address or host name of the outgoing smarthost:
There once again I typed my mail relay host smtp.relaymail.com

The next config screen is:
Keep number of DNS-queries minimal (Dial-on-Demand)?
On any modern Linux host the default answer of No is fine.
Following prompt asked if I want to:
Split configuration into small files?
I’ve decided not to tamper with it and chose No
Afterwards mail relaying works like a charm thx God 😉

How to check MASTER / SLAVE MySQL nodes status – Check MySQL Replication Status

Thursday, April 19th, 2012

I'm doing replication for one server. It's not the first time I configure replication between two MySQL database nodes, however since I haven't done it for a few years, my "know how" has mostly vanished, so I had some troubles in setting it up. Once I followed some steps to configure replication, I had to check if the two MASTER / Slave MySQL db nodes communicate properly. Hence I decided to drop a short post on that, just in case someone has to do the same or if I myself forget how I did it, so I can check later on:

1. Check if MASTER MySQL server node is configured properly

The standard way to check a MySQL master node status info is with:
 

mysql> show master status;
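+------------------+----------+-------------------------------+------------------+
| File             | Position | Binlog_Do_DB                  | Binlog_Ignore_DB |
+------------------+----------+-------------------------------+------------------+
| mysql-bin.000007 |      106 | database1,database2,database3 |                  |
+------------------+----------+-------------------------------+------------------+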
1 row in set (0.00 sec)

By putting \G some extra status info is provided:
 

mysql> show master status\G
*************************** 1. row ***************************
            File: mysql-bin.000007
        Position: 106
    Binlog_Do_DB: database1,database2,database3
Binlog_Ignore_DB:
1 row in set (0.00 sec)

2. Check if Slave MySQL node is configured properly

To check the status of the slave the command is:
 

mysql> show slave status;

The command returns an output like:
 

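mysql> show slave status;
+----------------------------------+---------------+-------------+-------------+---------------+------------------+---------------------+-------------------------+---------------+-----------------------+------------------+-------------------+-------------------------------+---------------------+--------------------+------------------------+-------------------------+-----------------------------+------------+------------+--------------+---------------------+-----------------+-----------------+----------------+---------------+--------------------+--------------------+--------------------+-----------------+-------------------+----------------+-----------------------+-------------------------------+---------------+---------------+----------------+----------------+
| Slave_IO_State                   | Master_Host   | Master_User | Master_Port | Connect_Retry | Master_Log_File  | Read_Master_Log_Pos | Relay_Log_File          | Relay_Log_Pos | Relay_Master_Log_File | Slave_IO_Running | Slave_SQL_Running | Replicate_Do_DB               | Replicate_Ignore_DB | Replicate_Do_Table | Replicate_Ignore_Table | Replicate_Wild_Do_Table | Replicate_Wild_Ignore_Table | Last_Errno | Last_Error | Skip_Counter | Exec_Master_Log_Pos | Relay_Log_Space | Until_Condition | Until_Log_File | Until_Log_Pos | Master_SSL_Allowed | Master_SSL_CA_File | Master_SSL_CA_Path | Master_SSL_Cert | Master_SSL_Cipher | Master_SSL_Key | Seconds_Behind_Master | Master_SSL_Verify_Server_Cert | Last_IO_Errno | Last_IO_Error | Last_SQL_Errno | Last_SQL_Error |
+----------------------------------+---------------+-------------+-------------+---------------+------------------+---------------------+-------------------------+---------------+-----------------------+------------------+-------------------+-------------------------------+---------------------+--------------------+------------------------+-------------------------+-----------------------------+------------+------------+--------------+---------------------+-----------------+-----------------+----------------+---------------+--------------------+--------------------+--------------------+-----------------+-------------------+----------------+-----------------------+-------------------------------+---------------+---------------+----------------+----------------+
| Waiting for master to send event | HOST_NAME.COM | slave_user  |        3306 |            10 | mysql-bin.000007 |                 106 | mysqld-relay-bin.000002 |           251 | mysql-bin.000007      | Yes              | Yes               | database1,database2,database3 |                     |                    |                        |                         |                             |          0 |            |            0 |                 106 |             407 | None            |                |             0 | No                 |                    |                    |                 |                   |                |                     0 | No                            |             0 |               |              0 |                |
+----------------------------------+---------------+-------------+-------------+---------------+------------------+---------------------+-------------------------+---------------+-----------------------+------------------+-------------------+-------------------------------+---------------------+--------------------+------------------------+-------------------------+-----------------------------+------------+------------+--------------+---------------------+-----------------+-----------------+----------------+---------------+--------------------+--------------------+--------------------+-----------------+-------------------+----------------+-----------------------+-------------------------------+---------------+---------------+----------------+----------------+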

As you can see the output is not too readable, as there are too many columns and data to be displayed, and this fits neither a text console nor a graphical terminal emulator.

To get a more readable (more verbose) status for the SQL SLAVE, it's better to use the command:
 

mysql> show slave status\G

Here is a sample returned output:
 

mysql> show slave status\G
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: HOST_NAME.COM
                  Master_User: slave_user
                  Master_Port: 3306
                Connect_Retry: 10
              Master_Log_File: mysql-bin.000007
          Read_Master_Log_Pos: 106
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000007
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
              Replicate_Do_DB: database1,database2,database3
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 106
              Relay_Log_Space: 407
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File:
           Master_SSL_CA_Path:
              Master_SSL_Cert:
            Master_SSL_Cipher:
               Master_SSL_Key:
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
1 row in set (0.00 sec)

If the show master status or show slave status commands didn't reveal the replication issue, one needs to stare at the mysql log for more info.
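The \G output above is easy to check by script as well as by eye. The following is an added example, not part of the original post: it reads show slave status\G output on stdin, reports stopped replication threads and excessive lag, and warns when Master_SSL_Allowed is not Yes, since the replication stream then crosses the network unencrypted. The function names, the 60 second default lag threshold and the broken-replica sample are assumptions; the healthy sample is abridged from the values shown in this post.

```shell
#!/bin/sh
# Added example: health check over `SHOW SLAVE STATUS\G` output read from stdin.

# Abridged from the output shown in the post (healthy replica, no TLS).
slave_status_page_sample() {
cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
           Master_SSL_Allowed: No
        Seconds_Behind_Master: 0
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
EOF
}

# CONSTRUCTED sample: SQL thread stopped on a duplicate-key error.
slave_status_broken_sample() {
cat <<'EOF'
*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
           Master_SSL_Allowed: No
        Seconds_Behind_Master: NULL
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 1062
               Last_SQL_Error: Error 'Duplicate entry' on query. Default database: 'database1'
EOF
}

# check_slave_status [MAX_LAG_SECONDS]
# Exit status: 0 = healthy, 1 = warnings only, 2 = replication broken.
check_slave_status() {
    awk -v max_lag="${1:-60}" '
    function crit(m) { print "CRIT: " m; if (rc < 2) rc = 2 }
    function warn(m) { print "WARN: " m; if (rc < 1) rc = 1 }
    {
        # Split "   Key: value" at the FIRST colon; values may contain colons.
        p = index($0, ":")
        if (p == 0) next
        key = substr($0, 1, p - 1); val = substr($0, p + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[key] = val
    }
    END {
        rc = 0
        if (!("Slave_IO_Running" in f)) {
            crit("no slave status row; is this host a replica?")
            exit rc
        }
        if (f["Slave_IO_Running"] != "Yes")
            crit("IO thread is " f["Slave_IO_Running"] " (errno " f["Last_IO_Errno"] ": " f["Last_IO_Error"] ")")
        if (f["Slave_SQL_Running"] != "Yes")
            crit("SQL thread is " f["Slave_SQL_Running"] " (errno " f["Last_SQL_Errno"] ": " f["Last_SQL_Error"] ")")
        lag = f["Seconds_Behind_Master"]
        if (lag == "NULL")
            crit("lag unknown, Seconds_Behind_Master is NULL")
        else if (lag + 0 > max_lag + 0)
            warn("replica is " lag "s behind the master")
        if (f["Master_SSL_Allowed"] != "Yes")
            warn("replication link does not use TLS (Master_SSL_Allowed: " f["Master_SSL_Allowed"] ")")
        if (rc == 0) print "OK: replication healthy"
        exit rc
    }'
}

# Demo on the sample taken from the post.
slave_status_page_sample | check_slave_status 60 || echo "exit status: $?"
```

On a live replica the input comes from the client instead of the sample, e.g. mysql -e 'SHOW SLAVE STATUS\G' | check_slave_status 60, which also fits a cron or monitoring check because of the graded exit status.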

How to configure Tor Public server on Debian Linux and FreeBSD

Monday, October 1st, 2012


I like configuring publicly accessible Tor on hosts which I own; the reason is that I like it very much and want to support the good initiative of the Tor Onion Project.

Anonymity on the Internet is becoming harder day after day, thus I believe any freedom respecting person should do his best to support any project that aims to help us be anonymous on the net.

Installing even one Tor server at home makes a difference and makes the Tor Network better. So if you have a spare internet connection somewhere, I kindly ask you to start a Tor server! Help Tor Project grow – Help protect our anonymity 🙂

After the loud “speech”, here is in short how easy it is to configure a Tor server on Linux and BSD.
Keep in mind that installing it as pointed below makes the Tor server automatically become part of the Tor Nodes Network; next time you use Tor it is likely you will use it via your own node 🙂

1. Install tor debian package


apt-get --yes install tor

2. Set proper torrc configuration in /etc/tor/torrc

Edit /etc/tor/torrc and place something like:


SocksPort 0 # 0 disables the local SOCKS listener; this host only relays traffic
SocksListenAddress 127.0.0.1 # accept connections only from localhost
## Required: A unique handle for this server
Nickname pcfreak
ORPort 9001
ExitPolicy reject *:6660-6667,reject *:*
ExitPolicy reject *:* # middle node only -- no exits allowed
# See http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Hibernation
# We have 400GB of traffic per month
# We want that to be about 150GB per week
BandwidthRate 50 KB
BandwidthBurst 1MB
AccountingStart week 1 00:00
AccountingMax 150 GB
DataDirectory /var/lib/tor
RunAsDaemon 1
ContactInfo hip0

3. Allow port in iptables firewall 9001


/sbin/iptables -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 9001 -j ACCEPT

You might want to permanently store the new iptables settings, i.e.:


# iptables-save > /root/iptables.tor.save

4. Restart tor server


# /etc/init.d/tor restart

Run telnet or nmap to test if your host is reachable via port 9001.


# telnet www.pc-freak.net 9001
Trying 83.228.93.76...
Connected to www.pc-freak.net.
Escape character is '^]'.
Connection closed by foreign host.

Installing Tor Public server on FreeBSD.
Installing tor onion server on FreeBSD is equivalent:


freebsd# cd /usr/ports/security/tor
freebsd# make install && make install clean

Then you can use exactly the same torrc config as in the above example; it works identically on Linux and BSD.
Here you get same working torrc

On FreeBSD tor is stopped / started via the /usr/local/etc/rc.d/tor start/stop init script:

Restart it and you’re done on BSD too:


freebsd# /usr/local/etc/rc.d/tor restart
...

Another thing is to allow port 9001; the config for the packet filter (pf) in /etc/pf.conf should be something like:


EXT_IP="192.168.0.2"
EXT_NIC="em0"
# SYN_ONLY was used but not defined in the original snippet; S/SA is an assumed value
SYN_ONLY="S/SA"
pass in log quick on $EXT_NIC proto tcp from any to $EXT_IP port 9001 flags $SYN_ONLY keep state

Once the pf options are in, reload pf.conf:


freebsd# pfctl -d
No ALTQ support in kernel
ALTQ related functions disabled
freebsd# pfctl -e -f /etc/pf.conf
No ALTQ support in kernel
ALTQ related functions disabled

Enjoy sharing your internet bandwidth with rest of Tor Project network 🙂

How to Install and configure webcam trust WB 3320X Live on Ubuntu /Debian Linux

Wednesday, September 26th, 2012


I had to install the WebCAM TRUST WB 3320X on one Xubuntu Linux install. Unfortunately by default the camera did not get detected (the webcam vendor did not provide a driver or specifications for Linux either).
Thus I researched on the internet if and how this camera can be made to work on Ubuntu Linux. I found some threads discussing the same issues as mine in Ubuntu Forums here. The threads even suggested a possible fix, which when followed literally did not work on this particular 32-bit Xubuntu 12.04.1 installation.

I did 20 minutes more research but couldn’t find much on how to make the webcam work. I used Cheese and Skype to test if the webcamera can capture video, but in both of them all I saw was just a black screen.

The camera was detected in the lsusb displayed info as:


# lsusb | grep -i webcam

Bus 002 Device 002: ID 093a:2621 Pixart Imaging, Inc. PAC731x Trust Webcam

After reading a bit further I found some people online suggesting loading the gspca kernel module. I searched for what kind of gspca*.ko kernel modules are available using:


locate gspca |grep -i .ko

1. Load proper camera kernel modules

I found a dozen modules, and after some testing with a few of the found ones I realized the camera works when gspca_pac730.ko and gspca_pac7311 are loaded. To test the camera I loaded both with:


# /sbin/modprobe gspca_pac730
# /sbin/modprobe gspca_pac7311

Seeing that while these two modules are loaded the camera is capturing video fine, I added the above two to auto load on each Ubuntu boot:


# echo "gspca_pac730" >> /etc/modules
# echo "gspca_pac7311" >> /etc/modules

Before I could really see the camera properly capturing video, though, I had to adjust a few settings in the default GNOME settings for the video device in gstreamer-properties

2. Change settings for video camera in gstreamer-properties


$ gstreamer-properties

The settings in the Video tab should be as you see in screenshot:

3. Testing if video camera works with VLC

There are numerous ways to test if camera is properly capturing video, vlc, mplayer, cheese or even Skype can be used. First time I tested it I used VLC, like so:


vlc v4l2:///dev/video0

Above, as the VLC argument I use /dev/video0 as the video capturing device because the video camera is found under /dev/video0. This might vary on other Linux distros; to check the exact assigned dev, ls it:


# ls -al /dev/vide*

crw-rw----+ 1 root video 81, 0 sep 25 20:53 /dev/video0

Testing the Trust WB 3320X Live on Linux can be done with Cheese or Skype too, by running them with a predefined LD_PRELOAD bash variable:


$ LD_PRELOAD=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so cheese

or for Skype


LD_PRELOAD=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so skype

Still, using vlc to test the webcam is preferable, as there is no need to invoke it via a predefined LD_PRELOAD=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so bash var.

Anyways below is a screenshot of the WebCam capturing video in Skype (on the screenshot is Sali, a very good person who helped me a lot here in the Netherlands).

Though the camera driver works, the quality is quite bad: the captured image is distorted, and whenever there is movement in front of the camera the picture is really bad … Expect the quality of the captured video to be maybe about 2 times? worse than in Windows OS.

Despite the bad quality, the picture is good enough to distinguish you and recognize you on the other side, so for people who are not image quality freaks the quality will be okay.

4. Making the Trust WB 3320 work in skype

As said earlier, you need to invoke the Skype binary each time with a predefined LD_PRELOAD variable:


$ LD_PRELOAD=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so skype

Same goes for Cheese too:


$ LD_PRELOAD=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so cheese

Typing this whole long line, or even remembering it, is a tough task, so I created two little wrapper scripts for Cheese and Skype in /usr/local/bin/skype-camera-fix and /usr/local/bin/cheese-camera-fix.


$ su root
Password:
# echo '#!/bin/bash' >> /usr/local/bin/skype-camera-fix
# echo 'LD_PRELOAD=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so skype' >> /usr/local/bin/skype-camera-fix
# chmod +x /usr/local/bin/skype-camera-fix

and


# echo '#!/bin/bash' >> /usr/local/bin/cheese-camera-fix
# echo 'LD_PRELOAD=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so cheese' >> /usr/local/bin/cheese-camera-fix
# chmod +x /usr/local/bin/cheese-camera-fix

Now that these two wrappers exist, it is a good idea to modify the Skype and Cheese entries in the GNOME menus to launch the bash wrapper scripts instead of the original binaries:

4. Changing default Skype and Cheese path in GNOME to skype-camera-fix and cheese-camera-fix wrapper scripts

Edit /usr/share/applications/skype.desktop and change the line that says:


Exec=skype

to


Exec=/usr/local/bin/skype-camera-fix

After the change the content of skype.desktop should look like this:


[Desktop Entry]
Name=Skype
Comment=Skype Internet Telephony
Exec=/usr/local/bin/skype-camera-fix
Icon=skype.png
Terminal=0
Type=Application
Encoding=UTF-8
Categories=Network;Application;

The same goes for Cheese: change the Exec= line in the file /usr/share/applications/cheese.desktop to:


Exec=/usr/local/bin/cheese-camera-fix

Now after restarting the PC or logging off and then logging in again to GNOME both applications should be executing via the wrapper script.
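The wrapper step above, as an added example that is not part of the original post: a shell function that writes the wrapper in one pass instead of appending with >>, and refuses a preload library that is missing or writable by group or others, since whatever LD_PRELOAD names is loaded into Skype or Cheese. The function name make_preload_wrapper is hypothetical.

```shell
#!/bin/sh
# Added example; make_preload_wrapper is a hypothetical helper name.
# Usage: make_preload_wrapper LIB APP OUT
# Writes OUT as a wrapper script that starts APP with LIB in LD_PRELOAD.
make_preload_wrapper() {
    lib=$1 app=$2 out=$3

    # Single quotes would break the quoting used in the generated script.
    case "$lib$app" in
        *\'*) echo "refusing path containing a single quote" >&2; return 1 ;;
    esac

    # The library must exist: with a wrong path the loader only warns and
    # starts the application without the compatibility layer.
    [ -f "$lib" ] || { echo "preload library not found: $lib" >&2; return 1; }

    # Code named in LD_PRELOAD runs inside the application, so refuse a
    # library that group or others could replace (-L follows symlinks).
    loose=$(find -L "$lib" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "writable by group/others: $lib" >&2; return 1; }

    # Build the script in a temporary file and rename it into place, so
    # re-running replaces the wrapper instead of appending duplicate lines.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    printf "#!/bin/sh\nLD_PRELOAD='%s' exec '%s' \"\$@\"\n" "$lib" "$app" > "$tmp"
    chmod 755 "$tmp" && mv -f "$tmp" "$out"
}

# As root, for the two wrappers used in this post:
#   LIB=/usr/lib/i386-linux-gnu/libv4l/v4l1compat.so
#   make_preload_wrapper "$LIB" skype  /usr/local/bin/skype-camera-fix
#   make_preload_wrapper "$LIB" cheese /usr/local/bin/cheese-camera-fix
```

The generated wrapper uses exec and passes "$@", so the application replaces the shell and still receives any arguments the desktop entry hands it.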

5. Changing Brightness and tuning various other Webcam settings

As I read online, there are plenty of apps that can be used to tune webcam color gamma, saturation, exposure etc.

However, I tried only two:

  • v4l2ucp
  • guvcview
  • I read online there is also another (camera settings feature rich) program – gtk-v4l, though I never tried this one.

    From my little testing I concluded v4l2ucp seems to be richer in options, so I suggest using it as the primary tool for tuning the webcam:

    Besides that v4l2ucp is present inside standard Ubuntu / Debian repositories, so there is no need to add any extra repositories to install it.
    Install v4l2ucp via:


    # apt-get install v4l2ucp
    # apt-get install v4l2loopback-dkms

    v4l2ucp has multiple settings you can play with, so after installing it run it to see if you can make the camera video display a bit better. In my case it was beneficial to raise the camera brightness a bit and correct the red, as the captured video was reddish and dark.


    $ v4l2ucp

    v4l2ucp change linux webcam video4linux settings

    Secondly I gave guvcview a try. Unfortunately it is not part of the official Ubuntu repositories, so I had to add an external repository:


    # add-apt-repository ppa:pj-assis/ppa
    # apt-get update
    # apt-get install guvcview

    GUVCView Changing brightness / saturation on Trust 3220X webcam

    Well, that's all. Though the picture is a bit distorted, the camera works. Distorted is better than none at all. Cheers 😉

Trip To Amsterdam (TTA)

Tuesday, March 3rd, 2009

Saint Nicolas Roman Catholic Church near Amsterdam train station picture

On Tuesday Zlati (a friend of mine introduced to me by Father Veliko) came to Arnhem. The plan was that he would come here on Tuesday and then on Wednesday morning the trip to Amsterdam was going to happen. First we had settled that he would be in Arnhem at 12:00 o’clock. So around 10:50 I walked down the way to the train station. I was on my way when Zlati rang and told me that he still hadn’t caught the train and was not going to make it for 12:00, though he would be at Arnhem Central Station at 04:35 in the afternoon. I went back home and on my way bought some apples as well as an oily sweet thing from the Turkish shop “Sultan” 🙂

Around 3 I made my way to the city center again; on my way I had to leave Sali’s laptop at his home. I had taken his laptop to re-install Windows and set up his Windows in Bulgarian, as well as configure it to be able to watch Bulgarian TV channels online.
In order to achieve that I used a proxy donated to me by Amridikon. Thanks Amri!

To switch Windows Vista Home Premium to Bulgarian I had to use a small proggie, “Vista Change Language 1.0”. I had to burn the program to a CD, boot into it and then use the downloaded language pack to change the Vista text language to Bulgarian. I did so and all went well; unfortunately after an upgrade the text in the menus got screwed up. So I had to boot again into the Vista Change Language 1.0 boot CD and revert it back to Bulgarian.
Then I had to disable Windows Vista updates in order to prevent the same language mess-up from occurring again. This was a little off topic, but I decided it’s nice to have it on paper.

So back to where I was with my TTA .. I picked Zlati up from the train station, we went to Sali and he treated us to some kind of traditional Turkish soup meal. The soup was quite nice btw. He was extremely happy that he could watch Bulgarian TV online through the bg.gledai.tv website. I was glad too that God helped me and blessed me in succeeding in all the things I mentioned above. Afterwards we went with Zlati and Koko to Albert Heijn and picked up a beer and a couple of other things. Then Zlati and I went to my place, where we used my notebook to research places of interest we would like to visit in Amsterdam. We went to bed around 2 o’clock at night.

In the morning we went to the train station. I suggested that we go a little earlier because I thought it might be better to be in the city earlier, to have more time to walk and take a look at the significant things in it. We were at the train station at 8:10 and had the intention to take the first train at 8:29, however God had other plans for that. It seemed that we had to wait and buy a ticket for after 9:00, otherwise Zlati couldn’t use his train card for my discount. He was quite irritated by the fact that I suggested that we go to the train station so early, since he was quite sleepy in the morning because we went to bed so late.

Anyway, I got a coffee from the train station waiting-room coffee machine. And, eh, the coffee there is expensive, be careful if you travel in the Netherlands by train.

The coffee cost 1.50 per cappuccino, huh … We caught a train at 9:29 and we were in the capital, Amsterdam, at 10:40.
I was so excited! Yes, the trip was worth the price of 16.30 EUR (with the 40% discount). Amsterdam is a really nice city, especially considering its architecture. And I saw such big shops and so many things to choose from … The whole city is full of canals and boats are traveling through it.
We went to a music store, wow, there was so much music in it.
We entered a lot of Catholic Churches; in one of the Catholic Churches there was an Orthodox icon of St. Nicholas! So I made the sign of the cross and prayed the Saint to pray God for me the sinner.
On our arrival, right after we went out of the central station, I saw a bookstore, so I proposed to Zlati that we enter. It seemed that it was a Protestant Christian bookstore. Even though a Protestant one, the people there at least were believing in our Lord and Saviour Jesus Christ.

I had a small chat with one of the guys, asking if they had an Orthodox Bible. It seemed they hadn’t, so I started telling him about the advantages of being an Orthodox Christian. I explained to him how I became Orthodox after God gave me the faith and transformed my life.
The bookstore had free coffee and tea. So Zlati and I each took a cappuccino. It was so nice God gave me a hot drink in the early morning in Amsterdam.
A lot of people are insane in that place, I saw a lot of pot smokers on the street.

In a lot of places the air had that typical pot smell. We saw a lot of museums, we tried to use a city map, although in a lot of cases unsuccessfully. We saw so many Churches, Madame Tussauds museum, as well as the Anne Frank museum and the tulip museum.
There were also sex museums we saw on our way, and these freaks even had a gay museum. We saw some road building in progress where a couple of people were building a road on top of pillars, right above the water! 🙂 The city is full of old buildings, most of which originate from the 16th century. The architecture is really amazing. The parks and everything, and the terraces had that typical European style which I’ve seen in movies showing people from the 18th or 19th century drinking coffee on the balconies. We took a lot of pictures. Unfortunately I still haven’t taken the pictures from Zlati. We went into a shop which was selling Buddhist, Hindu and Indian statues and souvenirs to warm up a bit, as the weather outside was cold.
There we had a nice chat with the storekeeper about religion and about my Orthodox faith in Our Lord Jesus! He mentioned that nearby there is a Syrian Orthodox Church. So we went to look for it. After some rambling we found it, but unfortunately it was already closed; the time was quite late, after 18:00, so it was quite normal for it to be closed. The style of the Church didn’t really differ much from the rest of the Catholic Churches.

Earlier we went into a Church where they had a modern exposition; again we went there to warm ourselves (it was such a cold day).

The Church inside was nice, but the pictures they were selling at the expo were really terrible, a lot of sado-maso and perverted motifs in the pictures …

I was saddened to see that they have desecrated a holy place like that. Well, it’s true that the Roman Catholics stepped aside from the Orthodox faith some time ago, but still they are believing Christians and therefore their temples are holy to some degree too … therefore such an abomination really shouldn’t happen.

The good thing was that they had even made toilets inside the Church which we could use 🙂
The Church wall paintings were displaying the way our Lord Jesus walked on his way to final execution by the Jews, carrying his cross on the way to Golgotha.

Around 18:30 we went to the famous street of prostitutes and drug addicts, the “RED LIGHTS” – so famous all around the world ….

I couldn’t believe my eyes, prostitutes standing behind windows half naked, waiting for a customer to hire them for sex … I have heard about that place but I really couldn’t imagine it could legally exist in the center of a metropolitan city like Amsterdam.

We walked in that “wicked” part of the city for around an hour.
There were all kinds of junkies, people who looked really criminal, the prostitutes in the windows. Sex shops, sex video rooms, you name it .. all the disgusting stuff you could imagine. After this walk we went to the train station around 8:00 and took the train back to Arnhem. The whole day went quite flawlessly, God has heard our prayer to keep us from evil and give us a safe journey. The whole trip was really relaxing for me! Praise the Lord for his great mercy towards me the sinner for giving my eyes to see all these things!