Linux

APT and packages

  • sources.list for i586 and amd64 modified by me (mix of unstable and experimental repository) and gpg keys - updated on 2011-10-15
    32 BIT: $ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/i586/sources.list
    64 BIT: $ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/amd64/sources.list
  • “Dynamic MMap ran out of room” error → You should increase APT::Cache-Limit in your 70debconf file (/etc/apt/apt.conf.d/70debconf)
  • Fix BADSIG errors:
    $ sudo -i
    # apt-get clean
    # mv /var/lib/apt/lists /var/lib/apt/lists.old
    # mkdir -p /var/lib/apt/lists/partial
    # apt-get clean ; apt-get update ; exit
  • script to fix GPG keys errors
  • Manual removal of a package (last resort!!)
  1. First try:
    dpkg -P --force-all nagios-common
  2. If still no joy:
    List the package contents and take a note of this list
    $ dpkg -L nagios-common
    
    go to the directory /var/lib/dpkg/info
    $ cd /var/lib/dpkg/info
    
    remove problematic scripts
    # rm YOURPACKAGE.*
    
    uninstall package
    # apt-get remove --purge YOURPACKAGE
    
    to finish up, remove all files you found previously with 'dpkg -L'

Packages outside repositories

How-Tos

  • Debian - Le prime cose da fare - My guide written for new Debian users (available only in Italian and really outdated)
  • Guide di Debianizzati.org - A lot of guides for Debian (available only in Italian)
  • Debian encrypted root - (available only in Italian)
  • “Open terminal here” in Nautilus:
    Install the nautilus-open-terminal package.
    Then you will need to log out and log in again, or simply restart nautilus:
        nautilus -q
        Alt-F2 -> nautilus
  • Fix Debian annoying locales problems: 1, 2, 3, 4
  • Configure PulseAudio: (NOTE: Wheezy is pulseaudio ready, this guide is Debian >=6.x only)
    1. INSTALL PULSEAUDIO
      # aptitude install pulseaudio pulseaudio-module-gconf
    2. ALSA COMPATIBILITY
      $ nano /etc/asound.conf
      (paste this inside:)
      pcm.pulse {
         type pulse
      }
      ctl.pulse {
         type pulse
      }
      pcm.!default {
         type pulse
      }
      ctl.!default {
         type pulse
      }
    3. SET PULSEAUDIO AS DEFAULT
      $ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosink pulsesink
      $ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosrc pulsesrc
      $ gconftool-2 -t string --set /system/gstreamer/0.10/default/musicaudiosink pulsesink
      
      Note that many other programs should be configured to use PulseAudio, for example mplayer:
      # nano /etc/mplayer/mplayer.conf
      search "ao=alsa" and replace it with "ao=pulse"
  • To automatically mount NFS shares at boot time put in /etc/default/rcS
    ASYNCMOUNTNFS="no"

Programming

Networking Tips

Many network cards connected at the same subnet and/or switch fail routing

Obviously you need a solid routing table to avoid lost packets; the trick is to control ARP requests and replies. In your sysctl.conf you should set these parameters:

# this is an IPv4 router
net.ipv4.ip_forward=1
# this is an IPv6 router
net.ipv6.conf.all.forwarding=1
# ignore ARP requests for addresses not on the receiving interface, to avoid routing problems with 2 interfaces in the same subnet (you can also specify the correct interface instead of "all")
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2

An excellent reference page about this problem and these fixes.

Ping through another gateway (ignoring IP routing table)

This is very useful to check whether a device outside our subnet is still alive without compromising the routing table.

$ sudo arping -c 1 -S SOURCE_IP -T DESTINATION_IP MAC_ADDRESS_GW

  • SOURCE_IP is our IP address
  • DESTINATION_IP is the IP address of the device to be checked
  • MAC_ADDRESS_GW is the MAC address of a machine/router on our subnet that is able to reach DESTINATION_IP

Multiple internet gateways

Defend your server against DDoS, brute force, etc.

  • libapache2-mod-evasive
  • libapache2-mod-security

Quick DHCP server

sudo dnsmasq -i eth0 -d --dhcp-range=192.168.89.90,192.168.89.100

Quick HTTP server

python -m SimpleHTTPServer 8000

Quick FTP server

python -m pyftpdlib -p 2121

Useful commands

How-Tos

External

Reverse dynamic proxy

  • ssh remoteuser@remotehost -R forwardedsshport:localhost:localsshport -t "ssh -D dynamicproxyport localuser@localhost -p forwardedsshport"

Authenticate with USB/SD device with automatic lock/unlock - libpam-usb

This is based on 1, 2 and some stuff found on the net. The following steps assume that you are using a Debian-based distro with Gnome as DM.

  1. Install libpam-usb package
    $ sudo apt-get install libpam-usb
  2. Add support for SD card readers with my patch in order not to waste a USB port :)
  3. Plug in your device and create a new token
    $ sudo pamusb-conf --add-user YOURUSER
  4. Add pamusb-agent to your startup applications
    $ echo "[Desktop Entry]
    Name=pamusb-agent
    GenericName=PAM USB Auth
    Exec=/usr/bin/pamusb-agent
    Terminal=false
    Categories=Tools
    Type=Application
    StartupNotify=false
    X-GNOME-Autostart-enabled=true" > ~/.config/autostart/pamusb-agent.desktop
  5. Change automated actions
    $ sudo vi /etc/pamusb.conf
    
    Look for the row containing <user id="YOURUSER"> and insert the following lines before </user>
      <agent event="lock">dbus-send --type=method_call --dest=org.gnome.ScreenSaver /org/gnome/ScreenSaver org.gnome.ScreenSaver.Lock</agent>
      <agent event="unlock">dbus-send --session --dest=org.gnome.ScreenSaver --type=method_call --print-reply --reply-timeout=20000 /org/gnome/ScreenSaver org.gnome.ScreenSaver.SetActive boolean:false</agent>
  6. Logout/login and see the magic happen :)

Fixed (and automatic) mountpoint for external drives

  1. Edit your fstab specifying UUID, mountpoint and options (including “auto”)
  2. Assuming that your device is currently /dev/sdb, list its udev information:
    $ udevinfo -a -p $(udevinfo -q path -n /dev/sdb)
    # NOTE: Debian sid has renamed this utility to udevadm. The equivalent command is below:
    # udevadm info --name=/dev/sdb --attribute-walk
  3. Take a note of some “unique” (and persistent!) information about your drive, like:
    • BUS=="usb" - will match your bus excluding the others (sata, firewire, scsi, etc.)
    • SYSFS{product}=="TS128MJFLASHA" - matches the model
    • KERNEL=="sd?1" - will only match locations like /dev/sda1, /dev/sdb1 and, more importantly, it won't match nodes like /dev/sda, /dev/sdb, which can be fdisk'ed. Using this value you can automatically mount only some partitions of a single drive.
  4. Create a new udev rule
    sudo nano /etc/udev/rules.d/99-customautomount.rules
  5. Fill the new rule with your drive information and mount command
    BUS=="usb", SYSFS{product}=="TS128MJFLASHA", KERNEL=="sd?1", RUN+="/bin/mount /mnt/Films"
  6. Restart udev
  7. Enjoy automatic mounting :)

Make your Gnome 3 terminal transparent

  1. Install Devil's Pie 2
    # apt-get install devilspie2
  2. Create devilspie2 configuration folder
    $ mkdir ~/.config/devilspie2
  3. Paste this devilspie2 script inside a new file
    $ nano ~/.config/devilspie2/terminal.lua
    if (get_application_name() == "Terminal") then
       set_window_opacity(0.85)
       set_window_size(1000, 650)
       center()
    end
  4. Run devilspie2 at login
    $ nano ~/.config/autostart/devilspie2.desktop
    [Desktop Entry]
    Type=Application
    Exec=/usr/bin/devilspie2
    Hidden=false
    X-GNOME-Autostart-enabled=true
    Name[en_US]=devilspie2
    Name=devilspie2
    Comment[en_US]=devilspie2
    Comment=devilspie2

You didn't say the magic word!

If you are a real hacker you can't imagine something better than a Jurassic Park login!

  • Make sure that your distro uses PAM (almost every distro except Slackware uses PAM by default), and that you have mplayer installed

Automatic installation (fully automated deb package for Debian-based distributions, and a Makefile for others without PAM configuration)

Manual installation

  1. edit /etc/pam.d/common-auth
    insert this line immediately before the line with pam_deny.so module
    
    auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
    
    Now edit the two lines above it (pam_unix and pam_winbind) and increase the success number on each line by one; for example, if you have success=2 change it to success=3. This is needed so that our extra line is skipped when authentication succeeds.
  2. Create a new script in /usr/bin/didntsaythemagicword
    #!/bin/sh
    
    # Check the current TTY and whether we were called by PAM (failed login) or by hand
    if [ -z "$PAM_TTY" ] ; then
     PAM_TTY=`tty`
     NOTUSINGPAM=yes
    fi
    MYTTY=$PAM_TTY
    echo -n "access: PERMISSION DENIED." 1>"$MYTTY"
    
    # How many failed attempts in 5 minutes?
    # This runs as root from PAM, and PAM_USER/PAM_RHOST are chosen by whoever is
    # logging in: keep the counter in a root-only directory, sanitise the file
    # name and read the count as a number instead of sourcing the file.
    if [ -z "$NOTUSINGPAM" ] ; then
     STATE_DIR=/var/run/didntsaythemagicword
     mkdir -p -m 700 "$STATE_DIR" || exit 0
     KEY=`printf '%s' "${PAM_RHOST}-${PAM_RUSER}-${PAM_SERVICE}-${MYTTY}-${PAM_USER}" | tr -c 'A-Za-z0-9._-' '_'`
     LOG="$STATE_DIR/jurassikpark-$KEY.log"
     COUNT_FAILS=0
     if [ -e "$LOG" ] ; then
      if [ -n "$(find "$LOG" -mmin +5)" ] ; then
       rm -f "$LOG"
      else
       COUNT_FAILS=`cat "$LOG"`
      fi
     fi
     case "$COUNT_FAILS" in
      ''|*[!0-9]*) COUNT_FAILS=0 ;;
     esac
     COUNT_FAILS=`expr $COUNT_FAILS + 1`
     echo "$COUNT_FAILS" > "$LOG"
     if [ "$COUNT_FAILS" -le 2 ] ; then
      echo "" 1>"$MYTTY"
      exit 0
     fi
    fi
    
    # Inhibit cursor
    setterm -cursor off
    
    # Inhibit ctrl-c ctrl-z
    trap "" 2 20
    
    sleep 0.25
    sleep 0.25 ; echo -n "...and...." 1>"$MYTTY"
    sleep 0.25 ; echo "YOU DIDN'T SAY THE MAGIC WORD!" 1>"$MYTTY"
    sleep 0.25
    
    # The video path must match the place where you saved the file
    VIDEO=/usr/share/youdidntsaythemagicword.ogv
    if [ -z "$NOTUSINGPAM" ] ; then
     mplayer -vo fbdev2 "$VIDEO" 2>/dev/null 1>/dev/null &
    else
     mplayer -nogui -vo xv "$VIDEO" 2>/dev/null 1>/dev/null &
    fi
    
    COUNT=0
    while [ $COUNT -le 560 ]
    do
     echo "YOU DIDN'T SAY THE MAGIC WORD!" 1>"$MYTTY"
     sleep 0.05
     COUNT=`expr $COUNT + 1`
    done
    
    setterm -cursor on
    
    exit 0
  3. Make it executable
    # chmod +x /usr/bin/didntsaythemagicword
  4. Download this video from YouTube and place it in /usr/share/youdidntsaythemagicword.flv
  5. Now after every 3 failed logins the video shows up! It works without Xorg too!
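
A miscounted success=N in step 1 sends a correct password into pam_deny.so, so it is worth checking the jumps while you still have a root shell open. The script below is an added example, not part of the original page or package: check_pam_jumps is a hypothetical helper, and the two auth stacks it runs on are constructed samples.

```shell
#!/bin/sh
# Added example: verify that every success=N jump in a PAM auth stack still
# lands past pam_deny.so after the pam_exec line has been inserted.
check_pam_jumps() {
    awk '
    $1 == "auth" {
        n++; skip[n] = -1; mod[n] = "?"
        for (i = 2; i <= NF; i++) {
            if (mod[n] == "?" && $i ~ /^pam_[a-z0-9_]+\.so$/) mod[n] = $i
            if (match($i, /success=[0-9]+/))
                skip[n] = substr($i, RSTART + 8, RLENGTH - 8) + 0
        }
    }
    END {
        bad = 0
        for (k = 1; k <= n; k++) {
            if (skip[k] < 0) continue
            t = k + skip[k] + 1          # success=N skips the next N modules
            target = (t <= n) ? mod[t] : "(past end of file)"
            verdict = "ok"
            # Landing on pam_exec.so or pam_deny.so means a correct password
            # still ends in pam_deny.so; past the end is flagged as a miscount.
            if (t > n || target == "pam_deny.so" || target == "pam_exec.so") {
                verdict = "WRONG"; bad = 1
            }
            printf "%-14s success=%d -> %s [%s]\n", mod[k], skip[k], target, verdict
        }
        exit bad
    }' "$1"
}

# Constructed sample stacks (module options are illustrative).
GOOD=$(mktemp); BAD=$(mktemp)
trap 'rm -f "$GOOD" "$BAD"' EXIT
cat > "$GOOD" <<'EOF'
auth [success=3 default=ignore] pam_unix.so nullok_secure
auth [success=2 default=ignore] pam_winbind.so
auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
auth requisite pam_deny.so
auth required pam_permit.so
EOF
# Same stack with the pam_exec line inserted but the counts left untouched.
sed -e 's/success=3/success=2/' -e 's/success=2\(.*pam_winbind\)/success=1\1/' "$GOOD" > "$BAD"

check_pam_jumps "$GOOD"
check_pam_jumps "$BAD" || echo "-> increase the success=N values before logging out"
```

Run it against your real file with check_pam_jumps /etc/pam.d/common-auth; a non-zero exit status means at least one jump needs correcting.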

Backup a lot of data from a remote (not directly accessible) VM with minimum overhead

  1. Connect to server
    $ ssh user@ip_server -L 1900:ip_vm:1900
  2. Then connect to your VM
    $ ssh user@ip_vm
  3. Start the listener
    $ tar zc * | nc -l 1900
  4. Open a new terminal on your local machine and start the receiver
    $ nc localhost 1900 | tar zx

Add a disk to extend a LVM logical volume

  1. Mark your disk/partition as LVM
    # pvcreate /dev/sdX
  2. Extend the VolumeGroup containing your logical volume
    # vgextend VolGroup00 /dev/sdX
  3. Extend the logical volume
    # lvextend -l +100%FREE /dev/VolGroup00/LogVol02
  4. Extend the filesystem
    # resize2fs /dev/VolGroup00/LogVol02