Linux

APT and packages

  • sources.list for i586 and amd64 modified by me (mix of unstable and experimental repositories) and GPG keys - updated on 2011-10-15
    32 BIT: $ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/i586/sources.list
    64 BIT: $ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/amd64/sources.list
  • “Dynamic MMap ran out of room” error → You should increase APT::Cache-Limit in your 70debconf file (/etc/apt/apt.conf.d/70debconf)
  • Fix BADSIG errors:
    $ sudo -i
    # apt-get clean
    # mv /var/lib/apt/lists /var/lib/apt/lists.old
    # mkdir -p /var/lib/apt/lists/partial
    # apt-get clean ; apt-get update ; exit
  • script to fix GPG keys errors
  • Manual removal of a package
  1. First try:
    dpkg -P nagios-common
  2. If still no joy:
    List the package contents and take a note of this list
    $ dpkg -L nagios-common
    
    go to the directory /var/lib/dpkg/info
    $ cd /var/lib/dpkg/info
    
    remove problematic scripts
    # rm YOURPACKAGE.*
    
    uninstall package
    # apt-get remove --purge YOURPACKAGE
    
    to finish up, remove all files you found previously with 'dpkg -L'

Packages outside repositories

How-Tos

  • Debian - Le prime cose da fare - My guide written for new Debian users (available only in Italian)
  • Guide di Debianizzati.org - A lot of guides for Debian (available only in Italian)
  • Debian encrypted root - (available only in Italian)
  • “Open terminal here” in Nautilus:
    Install the nautilus-open-terminal package.
    Then you will need to log out and log in again, or simply restart nautilus:
        nautilus -q
        Alt-F2 -> nautilus
  • Configure PulseAudio: (NOTE: Wheezy is pulseaudio ready, this guide is Debian >=6.x only)
    1. INSTALL PULSEAUDIO
      # aptitude install pulseaudio pulseaudio-module-gconf
    2. ALSA COMPATIBILITY
      # nano /etc/asound.conf
      (paste this inside:)
      pcm.pulse {
         type pulse
      }
      ctl.pulse {
         type pulse
      }
      pcm.!default {
         type pulse
      }
      ctl.!default {
         type pulse
      }
    3. SET PULSEAUDIO AS DEFAULT
      $ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosink pulsesink
      $ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosrc pulsesrc
      $ gconftool-2 -t string --set /system/gstreamer/0.10/default/musicaudiosink pulsesink
      
      Note that many other programs must also be configured to use PulseAudio, for example mplayer:
      # nano /etc/mplayer/mplayer.conf
      search "ao=alsa" and replace it with "ao=pulse"
  • To automatically mount NFS shares at boot time put in /etc/default/rcS
    ASYNCMOUNTNFS="no"

Programming

Networking Tips

Routing fails with several network cards connected to the same subnet and/or switch

Obviously you need a solid routing table to avoid lost packets; the trick is to control ARP requests and replies. In your sysctl.conf you should set these parameters:

# this is an IPv4 router
net.ipv4.ip_forward=1
# this is an IPv6 router
net.ipv6.conf.all.forwarding=1
# reply to an ARP request only if the target address is configured on the interface that received it,
# to avoid routing problems with 2 interfaces in the same subnet
# (you can also specify the correct interface instead of "all")
net.ipv4.conf.all.arp_ignore=1
# always use the best local address for the target as the source address of ARP requests
net.ipv4.conf.all.arp_announce=2

An excellent reference page about this problem and these fixes.

Ping through another gateway (ignoring IP routing table)

This is very useful to check whether a device outside our subnet is still alive without touching the routing table.

$ sudo arping -c 1 -S SOURCE_IP -T DESTINATION_IP MAC_ADDRESS_GW

  • SOURCE_IP is our IP address
  • DESTINATION_IP is the IP address of the device to be checked
  • MAC_ADDRESS_GW is the MAC address of a machine/router available on our subnet that is able to reach DESTINATION_IP

Multiple internet gateways

Defend your server against DDoS, brute force, etc.

  • fail2ban
  • libapache2-mod-evasive
  • libapache2-mod-security

Quick DHCP server

sudo dnsmasq -i eth0 -d --dhcp-range=192.168.89.90,192.168.89.100

Useful commands

  • List of 16 top-like commands to monitor network/system/hdd/etc.
  • Scheduled shutdown/hibernate
    # shutdown -h +X     # X = minutes to wait before shutdown
    # shutdown -h 23:20     # 23:20 = hh:mm, the system waits until the system clock reads 23:20, then shuts down
    
    # sleep Xm ; dbus-send --system --print-reply --dest="org.freedesktop.UPower" /org/freedesktop/UPower org.freedesktop.UPower.Suspend     # X = minutes to wait; Suspend suspends to RAM, call org.freedesktop.UPower.Hibernate instead to hibernate
    method return sender=:1.22 -> dest=:1.125 reply_serial=2

How-Tos

External

Fixed (and automatic) mountpoint for external drives

  1. Edit your fstab specifying UUID, mountpoint and options (including “auto”)
  2. Assuming that your device is currently /dev/sdb, list its udev information:
    $ udevinfo -a -p $(udevinfo -q path -n /dev/sdb)
    # NOTE: Debian sid has renamed this utility to udevadm. The equivalent command is below:
    # udevadm info --name=/dev/sdb --attribute-walk
  3. Take note of some “unique” (and persistent!) information about your drive, like:
    • BUS=="usb" - will match your bus excluding the others (sata, firewire, scsi, etc.)
    • SYSFS{product}=="TS128MJFLASHA" - matches the model
    • KERNEL=="sd?1" - will only match locations like /dev/sda1, /dev/sdb1 and, more importantly, it won't match nodes like /dev/sda, /dev/sdb, which can be fdisk'ed. Using this value you can automatically mount only some partitions of a single drive.
  4. Create a new udev rule
    sudo nano /etc/udev/rules.d/99-customautomount.rules
  5. Fill the new rule with your drive information and mount command
    BUS=="usb", SYSFS{product}=="TS128MJFLASHA", KERNEL=="sd?1", RUN+="/bin/mount /mnt/Films"
  6. Restart udev
  7. Enjoy automatic mounting :)

You didn't say the magic word!

If you are a real hacker you can't imagine anything better than the Jurassic Park login!

  1. Make sure that your distro uses PAM (almost every distro except Slackware uses PAM by default) and that you have mplayer installed
  2. edit /etc/pam.d/common-auth
    insert this line immediately before the line with pam_deny.so module
    
    auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
    
    Now edit the two lines above it (pam_unix and pam_winbind) and increase the success number on each line by one; for example, if you have success=2 change it to success=3. This is needed to skip our extra line when auth is successful.
  3. Create a new script in /usr/bin/didntsaythemagicword
    #!/bin/sh
    
    # Find the current TTY and whether PAM started us (failed login) or we were run by hand
    if [ -z "$PAM_TTY" ] ; then
     PAM_TTY=`tty`
     NOTUSINGPAM=yes
    fi
    MYTTY=$PAM_TTY
    echo -n "access: PERMISSION DENIED." 1>"$MYTTY"
    
    # How many failed attempts in the last 30 log lines?
    LOG="/var/log/auth.log"
    COUNT=`tail -30 "$LOG" | grep "FAILED" | wc -l`
    if [ "$COUNT" -lt 2 ] && [ -z "$NOTUSINGPAM" ] ; then
     echo "" 1>"$MYTTY"
     exit 0
    fi
    
    # Inhibit cursor
    setterm -cursor off
    
    # Inhibit ctrl-c (SIGINT, 2) and ctrl-z (SIGTSTP, 20)
    trap "" 2 20
    
    sleep 0.25
    sleep 0.25 ; echo -n "...and...." 1>"$MYTTY"
    sleep 0.25 ; echo "YOU DIDN'T SAY THE MAGIC WORD!" 1>"$MYTTY"
    sleep 0.25
    
    # Play the video in the background: framebuffer on a console login, Xv when run by hand under X
    if [ -z "$NOTUSINGPAM" ] ; then
     mplayer -vo fbdev2 /usr/share/youdidntsaythemagicword.flv 2>/dev/null 1>/dev/null &
    else
     mplayer -nogui -vo xv /usr/share/youdidntsaythemagicword.flv 2>/dev/null 1>/dev/null &
    fi
    
    # Flood the terminal while the video plays
    COUNT=0
    while [ "$COUNT" -le 560 ]
    do
     echo "YOU DIDN'T SAY THE MAGIC WORD!" 1>"$MYTTY"
     sleep 0.05
     COUNT=`expr $COUNT + 1`
    done
    
    setterm -cursor on
    
    exit 0
  4. Make it executable
    # chmod +x /usr/bin/didntsaythemagicword
  5. Download this video from YouTube and place it in /usr/share/youdidntsaythemagicword.flv
  6. Now after every 3 failed logins the video shows up! It works without xorg too!
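
A check for step 2, as an added example that is not part of the original page: it reports every success=N jump in an auth stack that does not land past pam_deny.so, which is what happens (and makes valid logins fail) when the pam_exec line is inserted without raising the counts. It assumes a Debian-style stack with one module per line; the function names and the sample stacks are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page.
# Assumption: Debian-style stack, one module per line, where every success=N
# jump is meant to skip everything up to and including pam_deny.so.

check_pam_jumps() {   # $1 = PAM file; prints one line per bad jump
    awk '
    $1 == "auth" { n++; line[n] = $0 }      # active auth lines, in stack order
    END {
        for (i = 1; i <= n; i++)
            if (line[i] ~ /pam_deny\.so/) deny = i
        for (i = 1; i <= n; i++) {
            if (!match(line[i], /success=[0-9]+/)) continue
            skip = substr(line[i], RSTART + 8, RLENGTH - 8) + 0
            target = i + skip + 1           # module that runs after the jump
            if (target <= deny || target > n)
                printf "auth line %d: success=%d lands on line %d\n", i, skip, target
        }
    }' "$1"
}

# Constructed sample: the pam_exec line was inserted, but the jump counts on
# the two lines above it were left unchanged.
make_sample_unadjusted() {
    cat <<'EOF'
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so
auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
auth requisite pam_deny.so
auth required pam_permit.so
EOF
}

# Constructed sample: both counts raised by one, as step 2 describes.
make_sample_adjusted() {
    make_sample_unadjusted | sed 's/success=2/success=3/; s/success=1/success=2/'
}

# Usage: sh check_pam_jumps.sh /etc/pam.d/common-auth
if [ -n "${1:-}" ]; then
    check_pam_jumps "$1"
fi
```

Run it against a copy of common-auth before logging out, and keep a root shell open until a fresh login has succeeded.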
software/linux.1379233155.txt · Last modified: 2013/09/15 10:19 by Michele Porelli