Posts Tagged ‘src’

Rebuilding source rpm (redhat package manager) files to binary rpms / Update clamav toaster installation on CentOS 5

Tuesday, May 18th, 2010

Every now and then I have to build a binary rpm from a source rpm (src.rpm) file.

Last time I had to rebuild clamav-toaster-0.96.0-1.3.35.src.rpm because a the clamav toaster installationon one of the CentOS servers I maintin has reached an end of the supported maintance period for the previous clamav 0.94.

Of course I first had to download clamav-toaster-0.96.0-1.3.35.src.rpm .

[root@centos-server:~ ]# wget http://mirrors.qmailtoaster.net/clamav-toaster-0.96.0-1.3.35.src.rpm

Consequently I used the following command to rebuild the source rpm file into rpm binary

[root@centos-server:~ ]# rpmbuild --rebuild clamav-toaster-0.96.0-1.3.35.src.rpm

The aforementioned command will take a while it took like 5 minutes on my server.

As soon as the rpm build is completed your binary rpm installation file for clamav-toaster will be located in:

/usr/src/redhat/RPMS/x86_64/clamav-toaster-0.96.0-1.3.35.x86_64.rpm

To install or update the recently built clamav-toaster rpm binary issue:

[root@centos-server:~ ]# rpm -Uvh /usr/src/redhat/RPMS/x86_64/clamav-toaster-0.96.0-1.3.35.x86_64.rpm

That’s all now your outdated clamav-toaster installation should be once more up to date.
If you want to further list the content of the newly installed/updated rpm binary you will have to issue the command in your terminal:

[root@centos-server:~ ]# rpm -ql clamav-toaster

ipw3945 on kernel 2.6.30

Friday, September 4th, 2009

I’ve loosed big time trying to compile ipw3945 on my debian amd64 system running kernel 2.6.30, unfortunately at the endI couldn’t make ipw3945 run correctly. However I’ll try to explain just in case if somebody out there succeeds in running the ipw3945 driver on kernel 2.6.30. First I needed to compile the ieee80211-1.2.18 subsystem correctly. That gave me a hard time cause the damned thing won’t compile on my kernel version. I’ve googled about the solution and had to combine a couple of solutions before I succeed compiling.Here is what was required
1. First in ieee80211.module.c change proc_net for init_net.proc_net.
2. Next change in ieee80211_crypt_wep.c and ieee80211_crypt_tkip.c .page for .page_link
3. Next download ieee80211_wx.c-2.6.27.patch.txt
4. Patch ieee80211-1.2.18 e.g. in my case: # cd /usr/src/ieee80211-1.2.18; patch -p0 < ieee80211_wx.c-2.6.27.patch.txt
5. Overwrite the file ieee80211_crypt_tkip.c in /usr/src/ieee80211-1.2.18 with the following ieee80211_crypt_tkip.c file.
6. Now with God’s help you might try: # make && make install

Now let’s proceed to the compilation of the ipw3945 driver itself.

I’ve used the the ipw3945-1.2.2 driver from the Intel Pro/Wireless 3945ABG Driver Website .In kernels newer than 2.6.22 on 64 bit architectures in order to make the driver compile, you have to apply the fix-for-64-bits-2.6.22-onwards.patch patch.
Now enter the ipw3945-1.2.2 source directory and execute patch -p0 < fix-for-64-bits-2.6.22-onwards.patch ,hopefully it should patch correctly.I had to also use the ipw3945-1.2.2.patch patch.
Again patch it with: # patch -p0 < ipw3945-1.2.2.patch.

Next in order to compile it I had to execute: # make IEEE80211_INC=/usr/src/ieee80211-1.2.18 IEEE80211_IGNORE_DUPLICATE=y && make install.Next I have downloaded the ipw3945d-1.7.22 . Untarred the archive file
# tar -zxvf ipw3945d-1.7.22.tgz and last but not least:
# cp -rpf x86_64/ipw3945d /etc/init.d/The ipw3945 loaded correctly with modprobe ipw3945, however the wireless device wasn’t detected … Even though the failure to make the ipw3945 driver running what I did gave me hope that eventually if I invest some more time and efforts attempting to make it work I could eventually succeed and enjoy the benefits of a better wireless networks signal strengths. Until that happens I’ll hold up to the newer iwl3945 to use my wireless.END—–

How to improve Linux kernel security with GrSecurity / Maximum Linux kernel security with GrSecurity

Tuesday, May 3rd, 2011

In short I’ll explain here what is Grsecurity http://www.grsecurity.net/ for all those who have not used it yet and what kind of capabilities concerning enhanced kernel security it has.

Grsecurity is a combination of patches for the Linux kernel accenting at the improving kernel security.

The typical application of GrSecurity is in the field of Linux systems which are administered through SSH/Shell, e.g. (remote hosts), though you can also configure grsecurity on a normal Linux desktop system if you want a super secured Linux desktop ;).

GrSecurity is used heavily to protect server system which require a multiple users to have access to the shell.

On systems where multiple user access is required it’s a well known fact that (malicious users, crackers or dumb script kiddies) get administrator (root) privileges with a some just poped in 0 day root kernel exploit.
If you’re an administrator of a system (let’s say a web hosting) server with multiple users having access to the shell it’s also common that exploits aiming at hanging in certain daemon service is executed by some of the users.
In other occasions you have users which are trying to DoS the server with some 0 day Denial of Service exploit.
In all this cases GrSecurity having a kernel with grsecurity is priceless.

Installing grsecurity patched kernel is an easy task for Debian and Ubuntu and is explained in one of my previous articles.
This article aims to explain in short some configuration options for a GrSecurity tightened kernel, when one have to compile a new kernel from source.

I would skip the details on how to compile the kernel and simply show you some picture screens with GrSecurity configuration options which are working well and needs to be set-up before a make command is issued to compile the new kernel.

After preparing the kernel source for compilation and issuing:

linux:/usr/src/kernel-source$ make menuconfig

You will have to select options like the ones you see in the pictures below:

[nggallery id=”8″]

After completing and saving your kernel config file, continue as usual with an ordinary kernel compilation, e.g.:

linux:/usr/src/kernel-source$ make
linux:/usr/src/kernel-source$ make modules
linux:/usr/src/kernel-source$ su root
linux:/usr/src/kernel-source# make modules_install
linux:/usr/src/kernel-source# make install
linux:/usr/src/kernel-source# mkinitrd -o initrd.img-2.6.xx 2.6.xx

Also make sure the grub is properly configured to load the newly compiled and installed kernel.

After a system reboot, if all is fine you should be able to boot up the grsecurity tightened newly compiled kernel, but be careful and make sure you have a backup solution before you reboot, don’t blame me if your new grsecurity patched kernel fails to boot! You’re on your own boy 😉
This article is written thanks to based originally on his article in Bulgarian. If you’re a Bulgarian you might also checkout static’s blog

Convert png files to ico on Linux – Create “icon” files from pictures

Tuesday, November 2nd, 2010

You will need png2ico

First you will have to download the png2ico source

Now you will have to download compile and install the program by issuing:

debian:~# wget http://www.winterdrache.de/freeware/png2ico/data/png2ico-src-2002-12-08.tar.gz
debian:~# tar -zxvf png2ico-src-2002-12-08.tar.gz...
debian:~# cd png2ico/
debian:/root/png2ico# make
debian:/root/png2ico# cp -rpf png2ico /usr/local/bin/

Convertion is pretty easy and it comes to executing simply:

debian:/home/hipo$ png2ico favicon.ico png_picture_to_convert.png

Note that your png_picture_to_convert.png has to be in a graphic dimensions of 16×16
That’s all now you should have your favicon.ico on your Linux created.

Installing HTOP on CentOS 5.5 OpenVZ Linux server from source

Friday, July 22nd, 2011

Htop Cool picture logo / htop on CentOS OpenVZ

Lately, I’m basicly using htop‘s nice colourful advanced Linux top command frontend in almost every server I manage, therefore I’ve almost abondoned top usage these days and in that reason I wanted to have htop installed on few of the OpenVZ CentOS 5.5 Linux servers at work.

I looked online but unfortunately I couldn’t find any rpm pre-built binary packages. The source rpm package I tried to build from dag wieers repository failed as well, so finally I went further and decided to install htop from source

Here is how I did it:

1. Install gcc and glibc-devel prerequired rpm packages

[root@centos ~]# yum install gcc glibc-devel

2. Download htop and compile from source

[root@centos src]# cd /usr/local/src
[root@centos src]# wget "http://sourceforge.net/projects/htop/files/htop/0.9/htop-0.9.tar.gz/download"
Connecting to heanet.dl.sourceforge.net|193.1.193.66|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 418767 (409K) [application/x-gzip]
Saving to: "download"

100%[======================================>] 418,767 417K/s in 1.0s
2011-07-22 13:30:28 (417 KB/s) – “download” saved [418767/418767]

[root@centos src]# mv download htop.tar.gz
[root@centos src]# tar -zxf htop.tar.gz
[root@centos src]# cd htop-0.9
[root@centos htop-0.9]# ./configure && make && make install

make install should install htop to /usr/local/bin/htop

That’s all folks! , now my OpenVZ CentOS server is equipped with the nifty htop tool 😉