Posts Tagged ‘GNU’

How to protect Munin Web statistics with password on GNU / Linux

Thursday, October 27th, 2011

I just installed Munin to track the performance of a few Debian servers over the web. I’ve configured Munin to be served through an Apache VirtualHost. As it’s always wise to protect any statistics data about the server from unwanted possible security violators, I decided to protect Munin with Apache .htaccess.

The Munin htmldir output directory is configured to be /var/www/munin, hence I protected Munin with a password by:

1. Creating a .htaccess file in /var/www/munin with the following content:

AuthUserFile /etc/apache2/.munin_htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user admin

2. Creating /etc/apache2/.munin_htpasswd with htpasswd (the htaccess password generator command):

debian:/var/www/munin# htpasswd -c /etc/apache2/.munin_htpasswd admin
New password:
Re-type new password:
Adding password for user admin

Another important thing I had to do was to configure my VirtualHost with AllowOverride All; if AllowOverride All is missing, the .htaccess and .htpasswd files are not read at all.
Afterwards Munin is protected with a password, and when the virtual domain where Munin lives, e.g. http://munin.mydomain.com, is accessed, the .htpasswd password dialog pops up 😉

John McCarthy Creator and Father of Modern Artificial Intelligence and Lisp programming language creator passed away at 84

Wednesday, October 26th, 2011

Last night one more computer genius, John McCarthy, passed away at the age of 84.
John McCarthy is mostly famous for the creation of the Lisp programming language, which was probably the most used programming language in the recent past. There is plenty of old corporate iron hardware which still runs programs written in Lisp. Lisp is the language in which Richard Stallman created his famous EMACS text editor for GNU.

Computer technology students should certainly have studied Lisp in the form of Lisp Scheme.
Lisp is the second oldest high-level programming language, preceded only by Fortran.
Lisp gave birth to the so-called macro programming languages and was invented by McCarthy in 1958, while he was at MIT in Massachusetts.
What is so important about Lisp is that it is de facto the first language in the world written to be suitable for AI (Artificial Intelligence) research. There is plenty of interesting information about Lisp, as well as a number of forks and variations circulating for almost all the major existing operating systems nowadays.

Besides creating Lisp, McCarthy was on the first team to play a remote computer chess game. The game was played between USSR and US scientists, and the moves were transferred by telegraph.
In 1972 McCarthy was awarded the Turing Award (today probably the most prestigious award for incredible technology achievements in the world).
McCarthy’s home website had a lot of great papers on programming languages, the mathematical theory of computation and, most importantly, philosophical words and notes on Artificial Intelligence.
His site has a lot of his essays, as well as his personal views on the world and predictions (probabilities foreseen by him) about the world’s future.
McCarthy had even written a short Sci-Fi story (The Robot and The Baby); the story’s aim was to explore the question of whether robots should have simulated emotions.

John McCarthy is among the brightest computer geniuses who ever lived on this planet, as well as a true “icon” for a computer hacker. The news of his death is quite shocking, especially after the sudden death of the creator of the C programming language and UNIX, Dennis Ritchie, and the passing of Steve Jobs a week earlier.
It seems like no coincidence that the brightest computer minds are departing this life; probably God is taking them one by one, just like he gave them the gifts to invent and revolutionize the technology we use today.
Surely McCarthy has left a huge landmark on technology, and his name will be in the books for the generations to come.

The creator of C and UNIX Dennis Ritchie passed away R.I.P. Dennis

Thursday, October 13th, 2011

I just read on lwn.net (Linux Weekly News) the very sad news that one of the greatest modern-day computer heroes, Dennis MacAlistair Ritchie, has passed away at his home after a long illness.

The original notification of this sad news is on Rob Pike’s Google Plus wall; this is the original message:

Rob Pike - 1:02 AM - Public
I just heard that, after a long illness, Dennis Ritchie (dmr) died at home this weekend. I have no more information.
I trust there are people here who will appreciate the reach of his contributions and mourn his passing appropriately.
He was a quiet and mostly private man, but he was also my friend, colleague, and collaborator, and the world has lost a truly great mind.

For all those who haven’t heard of Dennis Ritchie, he was a computer scientist who developed the C programming language and had an immeasurable influence on all kinds of modern programming.

Dennis worked on the development of Unix’s predecessor Multics, and he and Ken Thompson worked together at Bell Labs and are practically the fathers of UNIX.
The Unix Seventh Edition source code later became the basis for the early UNIX BSD distributions. Among the most important technical contributions Dennis made is the introduction of a Streams mechanism, pipes (as they are called today in GNU/Linux, BSD and other unices).
Ritchie’s C language, created on top of Ken Thompson’s B programming language, has been standardized and has become the de facto standard for almost every modern OS around.
Moreover, dmr was among the co-creators of the Plan 9 operating system (which is currently distributed as open source) and also coded a few bits for the Inferno OS, which today is known under the code name Vita Nuova.

dmr (the hacker nickname of Dennis) ranks among the most notable computer hackers of all time. He received the U.S. National Medal of Technology in 1999 from President Bill Clinton for his contributions to co-inventing the UNIX operating system and creating the C language.

To sum it up, dmr is an “icon” in the computer geek world, and his memory will surely live forever in the hacker underground and computer geek culture.

A few quotes dmr is famous for:

"I am not now, nor have I ever been, a member of the demigodic party."
"Usenet is a strange place."
"UNIX is very simple, it just needs a genius to understand its simplicity."
"C is quirky, flawed, and an enormous success."
"We really didn't buy it thinking we'd have this enormous investment."

Here is also a short video telling a few words of UNIX history and showing Dennis Ritchie in his UNIX development years:

Farewell Dennis! See you in Hacker’s paradise 😉

How to find out which processes are causing a hard disk I/O overhead in GNU/Linux

Wednesday, September 28th, 2011

To find out which programs are causing the most read/write overhead on a Linux server, one can use iotop.

Here is the description of iotop – simple top-like I/O monitor, taken from its manpage.

iotop does precisely the same as the classic Linux top, but for hard disk input/output operations.

To check the overhead caused by some daemon on the system or by some random processes, launching iotop without any arguments is enough:

debian:~# iotop

The main overview of iostat statistics is the line:

Total DISK READ: xx.xx MB/s | Total DISK WRITE: xx.xx K/s
If iotop shows huge numbers and the server is suffering performance drops, it’s a symptom of hard disk I/O overhead.
iotop is available for Debian and Ubuntu as a standard package in the distributions’ repositories. On RHEL-based Linux distributions, unfortunately, it’s not available as an RPM.

While talking about keeping an eye on hard disk utilization and on disk I/O as a bottleneck and a possible cause of server performance drops, it’s worth mentioning another really great tool, which I use on every single server I administer. For all those unfamiliar with it, I’m talking about dstat.

dstat is a “versatile tool for generating system resource statistics”, as the description at the top of the manual states. dstat is great for people who want to have iostat, vmstat and ifstat in one single program.
dstat is nowadays available on most Linux distributions, ready to be installed from the respective distro package manager. I’ve used it and I can confirm it is installable via a deb/rpm package on Fedora, CentOS, Debian and Ubuntu.

Here is what the tool looks like in action:

dstat Linux hdd load stats screenshot

The most interesting parts of the dstat output are read, writ and recv, send; they give a good general overview of hard drive performance and, if tracked, can reveal whether hard disk reads/writes are a bottleneck causing server performance issues.
Another handy tool for tracking hard disk I/O problems is iostat; it is, however, a tool more suitable for hard-core admins, as its statistics output is not easily readable.

In case you need to periodically gather data about disk read/write operations, you will definitely want to look at the collectl I/O benchmarking tool. Unfortunately collectl is not included as a package in most Linux distributions, except Fedora. Besides its capability to report on a server’s disk usage, collectl is also capable of showing brief stats on CPU and network.

Collectl looks really promising and even seems to be in active development; the latest release is from May 2011. It even supports NVidia GPU monitoring 😉 In short, what collectl does is very similar to sysstat, which by the way also has some capabilities to track disk reads over time. collectl’s website praises the tool a lot and says that on most machines the extra load the tool adds to a system to generate reports on CPU, disk and disk I/O is < 0.1%. I couldn’t find any data online on how much extra load sysstat (sar) puts on a system. It would be interesting if someone conducted some testing and could tell which of the two puts less load on a system.

PixBros a nice Arcade Game remake of Bubble Bobble for GNU/Linux

Monday, September 26th, 2011

PixBros Linux Bubble Bobble like Game Screenshot

While checking my sister’s notebook running Ubuntu GNU/Linux, I decided to check the GUI package installer for some new Linux games that entered Ubuntu 11.04. After a quick look over the games, I came across an awesome game called PixBros.

The game combines three great arcade games from my young years: Bubble Bobble, Snow Bros and Tumple Pop. The game really brought some joy to my boring life, and so I’ve written a small article to share my little joy.

In the game you can select one of three characters and play a remake version of Bubble Bobble on your Linux desktop. Besides that, the music is absolutely awesome, as it is with most of the classic arcade games 😉
The game characters’ graphics are also trendy, as you can see in the screenshot below:

PixBros Bubble Bobble Linux game like entry Screen characters

The game history is also intriguing and in the spirit of old-school arcade games.
PixBros Start New Game screen, game gangsta characters

The game is published under GPL v2, so it’s one more great game in the family of free software games 😉
PixBros also has ports (binary installers) for Windows, Nintendo Wii and a few other platforms. As a multi-platform game it’s very suitable for little children to develop their reflexes and intellect. Therefore, for parents who want to use free software to develop their kids’ minds, PixBros will fit well with other games like Tux Math, Tux Paint and Tux Typing, which stimulate the kid to learn.
The game is also great for big kids like me and other arcade maniacs as well 😉
I have only one small remark about the game: just like many other Linux games, by default it starts in a minimized screen, and playing it in fullscreen is only possible by using the menus available from within the game itself.
This kind of behaviour reduces some of the initial enjoyment of the game; maybe in future releases, let’s say when it reaches stable version 1.0, it would be nice for the game to start in fullscreen by default.

The team that created PixBros, Pix Juegos, has created 4 other games, all of which are primarily developed for GNU/Linux and downloadable from the PixJuegos game dev crew’s official website. Unfortunately the crew’s official website does not have an English translation.

The other games from PixJuegos one can enjoy are: a remake of the classic Atari frog game, again for Linux (available for install via a deb package on the latest Ubuntu 11.04):

PixFrogger - Atari modern Frog game remake for Linux

A Super Pang modern remake – Pix Pang , below is a screenshot for all those that can’t remember Pang 😉

Super Pang arcade classic screenshot

Here is also a screenshot of PixJuegos’s PixPang running on Linux:

PixPang Super Pang Linux Remake

The PixJuegos game development team also has two other games in their site portfolio; these are Garnatron and PixDash. Here are screenshots:

Garnatron Linux Spaceship arcade game screenshot

PixDash Linux arcade game screenshot
Congrats to the guys of PixJuegos for their great Linux games! I wish them a lot of success and a lot of productive years in Linux game development 😉

How to make NAT enable hosts in a local network to access the internet, create port forwarding to local IPs behind the router using iptables

Tuesday, August 23rd, 2011

I’m building a new iptables firewall on a Linux server. The Debian GNU/Linux machine is required to act as a firewall, do Network Address Translation for a small network of office PCs, and forward some inbound ports to hosts on the local network located behind the router.

The local network behind the router used IP addressing in a class C network, e.g. (192.168.1.1-255).

First I proceeded to enable Network Address Translation via the Linux kernel variable:

linux:~# sysctl -w net.ipv4.ip_forward=1
linux:~# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf

Initially I even forgot to switch net.ipv4.ip_forward to 1 (by default this value is set to 0); by default GNU/Linux’s network behaviour is not set up to act as a network router.
However, since I haven’t configured Network Address Translation for quite some time, it completely slipped my mind!

Anyway, next, the actual iptables rule I used to make NAT possible is:

linux:~# /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx

Here xxx.xxx.xxx.xxx is the external IP address assigned to the router on eth0.

With these very simple rules the local network is now capable of accessing the Internet without problems.

It’s a good time to say that many system administrators still erroneously use MASQUERADE rules instead of SNAT.
IP MASQUERADING is a legacy of ipchains and these days should be completely abandoned, especially where the primary IP address used to access the internet does not change often.
For dial-ups or other kinds of networking where the IP addresses change often, IP MASQUERADING might still be a good idea though.

My next goal was to make the Linux router forward traffic arriving on port 80 to an IIS server assigned the local IP address 192.168.1.5.
I did the web server (port 80) port forwarding from IP xxx.xxx.xxx.xxx to 192.168.1.5 with the iptables rule:

linux:~# /sbin/iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.5:80

There was a requirement to do port forwarding for a Windows Remote Desktop running on the standard port 3389 from the router to the internal Windows IP address running the IIS web server; however, the company required me to allow access to the rdesktop port 3389 only from certain real IP addresses.
Initially I thought about using the above PREROUTING rule, which does the port redirection to the IIS server, changing only port 80 to port 3389, and then using filter table INPUT chain rules like:

/sbin/iptables -A INPUT -s xx1.xx2.xx3.xx4,1xx.2xx.3xx.4xx,xxx.xxx.xxx.xxx -p tcp -m tcp --dport 3389 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable

However this did not work out, so I decided to give a try to do the same within the filter table using the FORWARD chain, like so:

/sbin/iptables -A FORWARD -s xx1.xx2.xx3.xx4,1xx.2xx.3xx.4xx,xxx.xxx.xxx.xxx -p tcp -m tcp --dport 3389 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable

Adding these rules did not add any filtering to the forwarded remote desktop port. I suspected that somehow my above PREROUTING nat rules are probably read before any other rules and therefore automatically allow any IP address to port forward traffic.
I’ve checked the iptables documentation and it seems my guess was partially right.

When network traffic enters the iptables firewall, it first goes through the PREROUTING chain and then flows through the other chains in a certain order.
iptables packet flow diagram

The flow of network packets through iptables is clearly seen in the diagram above; a thorough look gives a very good idea of how a packet is processed by iptables.

Finally, as I couldn’t think of a good solution for filtering only the port-redirected traffic, which always first entered the POSTROUTING chain, I consulted the guys on irc.freenode.net in #Netfilter.

I’m quite thankful, as a guy nicknamed Olipro gave me a pretty good picture of the port forwarding POSTROUTING problem and provided me with a very logical, easy and great fix.
He suggested that I do port forwarding only for certain IP addresses, instead of allowing all IP addresses and then looking for a way to allow only some of them and filter the rest.

The iptables rule to restrict the incoming traffic to the forwarded remote desktop port 3389 to only a few allowed IP addresses looks like so:

linux:~# /sbin/iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx/32 -s xx1.xx2.xx3.xx4,1xx.2xx.3xx.4xx,xxx.xxx.xxx.xxx -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.5:3389

Now only the three sample IPs passed, xx1.xx2.xx3.xx4,1xx.2xx.3xx.4xx,xxx.xxx.xxx.xxx, have their traffic on port 3389 forwarded to 192.168.1.5.

By the way, I did not know that newer versions of iptables support passing multiple IP addresses to --source or --destination. This is a really great feature I’ve learned from the good guys from #Netfilter. However, one should be careful when using multiple IPs with -s or -d: it’s really important that the consecutive IPs passed have no space around the , delimiter.
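
The allowlisted port forward described above, as an added example that is not part of the original post: a POSIX shell helper that validates the comma-separated source list (rejecting spaces) and prints one DNAT rule per allowed source. It goes slightly beyond the post by also printing FORWARD rules that match the destination as it looks after DNAT. The function names and the 203.0.113.10 / 198.51.100.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: prints (never executes) iptables
# rules that forward one TCP port only for an allowlist of source addresses.

# valid_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        case "$_octet" in ????*) return 1 ;; esac
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# build_forward_rules EXT_IP INT_IP PORT ALLOWLIST   (hypothetical helper)
# ALLOWLIST is comma-separated with no spaces, the form iptables -s accepts.
build_forward_rules() {
    ext_ip=$1; int_ip=$2; port=$3; allow=$4
    case "$allow" in
        ''|*[!0-9.,]*|,*|*,|*,,*)
            echo "allowlist: comma-separated IPv4 addresses, no spaces" >&2
            return 2 ;;
    esac
    case "$port" in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    if ! valid_ipv4 "$ext_ip" || ! valid_ipv4 "$int_ip"; then
        echo "bad router or target address" >&2; return 2
    fi
    _ifs=$IFS; IFS=,
    set -- $allow
    IFS=$_ifs
    # Validate every source before printing, so the output is all-or-nothing.
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 2; }
    done
    match="-p tcp -m tcp --dport $port"
    for src in "$@"; do
        # nat/PREROUTING: rewrite the destination only for allowlisted sources.
        printf '%s\n' "iptables -t nat -A PREROUTING -d $ext_ip/32 -s $src/32 $match -j DNAT --to-destination $int_ip:$port"
        # filter/FORWARD runs after DNAT, so it must match the internal address.
        printf '%s\n' "iptables -A FORWARD -d $int_ip/32 -s $src/32 $match -j ACCEPT"
    done
    # Anything else routed to the internal service on this port is refused.
    # Appended rules only take effect if no earlier FORWARD rule accepts first.
    printf '%s\n' "iptables -A FORWARD -d $int_ip/32 $match -j REJECT --reject-with icmp-port-unreachable"
}

# Constructed sample values (RFC 5737 documentation addresses, public side).
build_forward_rules 203.0.113.10 192.168.1.5 3389 198.51.100.7,198.51.100.8
```

The helper only prints rules, so the output can be reviewed or diffed against `iptables-save` before anything is applied as root.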

Now that’s all, my task is completed. All computers inside the network 192.168.1.1-255 behind the Linux router can freely access the Internet, all IPs are also able to access the IIS server located behind the NAT, and only certain IPs are able to access the IIS remote desktop.
Hope the article helps somebody 😉

How to fix wrongly configured timezone in Debian GNU/Linux and Ubuntu

Wednesday, August 3rd, 2011

During the install of a new Debian GNU/Linux server I was in a real hurry, so I mistakenly chose the wrong timezone, US/Pacific.

As a consequence the server date and time were incorrect, and I had to fix that to match the proper server location, which in this case was Europe/London.

Here is the quick fix:

debian:~# dpkg-reconfigure tzdata

Next I chose my timezone from the ncurses interface, navigating with the arrow keys, and used ntpdate to synchronize the server’s time like so:

debian:~# ntpdate time.nist.gov
3 Aug 16:02:26 ntpdate[26658]: adjust time server 192.43.244.18 offset 0.000802 sec

Done 😉

Fix “checking build system type… Invalid configuration `x86_64-unknown-linux’: machine `x86_64-unknown’ not recognized” on ./configure

Wednesday, August 3rd, 2011

I’m trying to compile vqadmin on x86_amd64 (64 bit Debian) and I got an error during ./configure. The error I got is as follows:

debian:~/vqadmin-2.3.7# ./configure --enable-cgibindir=/var/www/mail/cgi-bin -enable-htmldir=/var/www/mail/ --enable-isoqlog=y
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
/downloads/vqadmin-2.3.7/missing: Unknown `--run' option
Try `/downloads/vqadmin-2.3.7/missing --help' for more information
configure: WARNING: `missing' script is too old or missing
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking build system type... Invalid configuration `x86_64-unknown-linux': machine `x86_64-unknown' not recognized

So my compile failed with:
checking build system type… Invalid configuration `x86_64-unknown-linux’: machine `x86_64-unknown’ not recognized

Thankfully, there is a tiny script which is originally part of the CVS project. I’ve modified the script a bit to remove a few lines of code which are not necessary. The fix script for the `x86_64-unknown-linux’: machine `x86_64-unknown’ not recognized error, fix_x86_64-unknown-linux-gnu.sh, is here

To fix the broken configure, all that is required is:

debian:~/vqadmin-2.3.7# sh fix_x86_64-unknown-linux-gnu.sh

After that I could compile vqadmin normally again just fine.