Linux
Debian related
APT and packages
- sources.list for i586 and amd64 modified by me (mix of unstable and experimental repositories) and GPG keys - updated on 2011-10-15
32 BIT:
$ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/i586/sources.list
64 BIT:
$ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/amd64/sources.list
- “Dynamic MMap ran out of room” error → You should increase APT::Cache-Limit in your 70debconf file (/etc/apt/apt.conf.d/70debconf)
- Fix BADSIG errors:
$ sudo -i
# apt-get clean
# mv /var/lib/apt/lists /var/lib/apt/lists.old
# mkdir -p /var/lib/apt/lists/partial
# apt-get clean ; apt-get update ; exit
- Script to fix GPG key errors
- Manual removal of a package
- First try:
dpkg -P nagios-common
- If still no joy:
List the package contents and take a note of this list
$ dpkg -L nagios-common
go to the directory /var/lib/dpkg/info
$ cd /var/lib/dpkg/info
remove problematic scripts
# rm YOURPACKAGE.*
uninstall package
# apt-get remove --purge YOURPACKAGE
to finish up, remove all files you found previously with 'dpkg -L'
- dlocate is a really useful tool to find which installed package provides a file on your system
- cruft searches for orphan files (not unpacked by dpkg)
- Repack a .deb changing dependencies, provided packages, etc.
- dpkg-repack creates a .deb file out of a Debian package that has already been installed
Packages outside repositories
- Skype 64bit for Debian
How-Tos
- Debian - Le prime cose da fare - My guide written for new Debian users (available only in Italian)
- Guide di Debianizzati.org - A lot of guides for Debian (available only in Italian)
- Debian encrypted root - (available only in Italian)
- Booting Loop-AES Encrypted Root from USB Stick - Extreme paranoia!
- “Open terminal here” in Nautilus:
Install the nautilus-open-terminal package. Then you will need to log out and log in again, or simply restart nautilus:
nautilus -q
Alt-F2 -> nautilus
- Configure PulseAudio: (NOTE: Wheezy is pulseaudio ready, this guide is Debian >=6.x only)
- INSTALL PULSEAUDIO
# aptitude install pulseaudio pulseaudio-module-gconf
- ALSA COMPATIBILITY
$ nano /etc/asound.conf
(paste this inside:)
pcm.pulse { type pulse }
ctl.pulse { type pulse }
pcm.!default { type pulse }
ctl.!default { type pulse }
- SET PULSEAUDIO AS DEFAULT
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosink pulsesink
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosrc pulsesrc
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/musicaudiosink pulsesink
Note that many other programs should be configured to use pulseaudio, for example mplayer:
# nano /etc/mplayer/mplayer.conf
search "ao=alsa" and replace it with "ao=pulse"
- To automatically mount NFS shares at boot time put in /etc/default/rcS
ASYNCMOUNTNFS="no"
Kernel related
Programming
Networking Tips
Many network cards connected to the same subnet and/or switch fail routing
Obviously you need a solid routing table to avoid lost packets; the trick is to control ARP requests and replies. In your sysctl.conf you should set these parameters:
# this is an IPv4 router
net.ipv4.ip_forward=1
# this is an IPv6 router
net.ipv6.conf.all.forwarding=1
# ignore ARP requests for addresses that are not on the receiving interface, to avoid routing problems with 2 interfaces in the same subnet (you can also specify the correct interface instead of "all")
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
An excellent reference page about this problem and these fixes.
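For arp_ignore and arp_announce the kernel applies the larger of the conf.all value and the per-interface value, which is why a specific interface can be named instead of "all". The script below is an added example, not part of the original page: it reads sysctl.conf-style text and reports which interfaces end up with the settings above. The function names and the sample file (interfaces eth0 and eth1) are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective arp_ignore / arp_announce per interface.
# The sample file further down is constructed, not taken from a real host.

# sysctl_value FILE KEY: print the last value assigned to KEY (kernel default 0)
sysctl_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }            # sysctl.conf comments are whole lines
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? 0 : val) }
    ' "$1"
}

# effective_arp FILE IFACE KEY: max(conf.all.KEY, conf.IFACE.KEY)
effective_arp() {
    all=$(sysctl_value "$1" "net.ipv4.conf.all.$3")
    ifc=$(sysctl_value "$1" "net.ipv4.conf.$2.$3")
    if [ "$ifc" -gt "$all" ]; then echo "$ifc"; else echo "$all"; fi
}

# arp_guarded FILE IFACE: succeeds when the interface ends up with
# arp_ignore >= 1 and arp_announce >= 2, the values used on this page
arp_guarded() {
    [ "$(effective_arp "$1" "$2" arp_ignore)" -ge 1 ] &&
    [ "$(effective_arp "$1" "$2" arp_announce)" -ge 2 ]
}

SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample: eth0 fully configured, eth1 missing arp_announce
net.ipv4.ip_forward=1
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.eth0.arp_ignore=1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.eth1.arp_ignore=1
EOF

for i in eth0 eth1; do
    if arp_guarded "$SAMPLE" "$i"; then echo "$i: ok"; else echo "$i: not covered"; fi
done
```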
Ping through another gateway (ignoring IP routing table)
This is very useful to check whether a device outside our subnet is still alive without compromising the routing table.
$ sudo arping -c 1 -S SOURCE_IP -T DESTINATION_IP MAC_ADDRESS_GW
SOURCE_IP is our IP address
DESTINATION_IP is the IP address of the device to be checked
MAC_ADDRESS_GW is the MAC address of a machine/router available on our subnet and able to reach DESTINATION_IP
Multiple internet gateways
Defend your server against DDoS, brute force, etc.
- fail2ban
- libapache2-mod-evasive
- libapache2-mod-security
Quick DHCP server
sudo dnsmasq -i eth0 -d --dhcp-range=192.168.89.90,192.168.89.100
Useful commands
- List of 16 top-like commands to monitor network/system/hdd/etc.
- 7 not well known bash features - (available only in Italian)
- Scheduled shutdown/hibernate
# shutdown -h +X     # X = minutes to wait before shutdown
# shutdown -h 23:20  # 23:20 = hh:mm, the system waits until the system clock is 23:20, then shuts down
# sleep Xm ; dbus-send --system --print-reply --dest="org.freedesktop.UPower" /org/freedesktop/UPower org.freedesktop.UPower.Suspend
method return sender=:1.22 -> dest=:1.125 reply_serial=2
# X = minutes to wait; Suspend suspends to RAM, use org.freedesktop.UPower.Hibernate to hibernate
How-Tos
External
- Mount JFFS2 image - NOTE: for a different endianness you need to convert your image; for example, to mount a MIPS image (big endian) on an x86 PC (little endian), before mounting you must use jffs2dump in this way:
jffs2dump -b -c -e dest_file.little src_file.big
- Unpacking Packages - How to unpack tar, tgz, bz2 and many other packages
- Mode line generator - Enter your monitor/TV spec. and you get the correct modeline to use in your xorg.conf
- Autostart at login - Official specification (works with GNOME/KDE)
Fixed (and automatic) mountpoint for external drives
- Edit your fstab specifying UUID, mountpoint and options (including “auto”)
- Assuming that your device is currently at /dev/sdb, list its udev information:
$ udevinfo -a -p $(udevinfo -q path -n /dev/sdb)
# NOTE: Debian sid has renamed this utility to udevadm. The equivalent command is below:
# udevadm info --name=/dev/sdb --attribute-walk
- Take a note of some "unique" (and persistent!) information about your drive, like:
- BUS=="usb" - will match your bus, excluding the others (sata, firewire, scsi, etc.)
- SYSFS{product}=="TS128MJFLASHA" - matches the model
- KERNEL=="sd?1" - will only match locations like /dev/sda1, /dev/sdb1 and, more importantly, it won't match nodes like /dev/sda, /dev/sdb, which can be fdisk'ed. Using this value you can automatically mount only some partitions of a single drive.
- Create a new udev rule
sudo nano /etc/udev/rules.d/99-customautomount.rules
- Fill the new rule with your drive information and mount command
BUS=="usb", SYSFS{product}=="TS128MJFLASHA", KERNEL=="sd?1", RUN+="/bin/mount /mnt/Films"
- Restart udev
- Enjoy automatic mounting :)
You didn't say the magic word!
If you are a real hacker you can't imagine something better than a Jurassic Park login!
- Make sure that your distro uses PAM (almost every distro except Slackware uses PAM by default), and that you have mplayer installed
- edit /etc/pam.d/common-auth
insert this line immediately before the line with the pam_deny.so module
auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
Now edit the two lines above (pam_unix and pam_winbind) and increase the success number in each line by one; for example, if you have success=2, change it to success=3. This is needed to skip our extra line when auth is successful.
- Create a new script in /usr/bin/didntsaythemagicword
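#!/bin/sh
# Find the terminal to write to; when run by hand (outside PAM) use the current tty
if [ -z "$PAM_TTY" ] ; then
    PAM_TTY=$(tty)
    NOTUSINGPAM=yes
fi
# PAM_TTY may lack the /dev/ prefix or not be a terminal at all (sshd passes "ssh").
# pam_exec runs this script as root, so write only to a real character device.
case "$PAM_TTY" in
    /dev/*) MYTTY=$PAM_TTY ;;
    *)      MYTTY=/dev/$PAM_TTY ;;
esac
[ -c "$MYTTY" ] || exit 0
printf 'access: PERMISSION DENIED.' >"$MYTTY"
# How many failed attempts are in the last 30 lines of the auth log?
LOG="/var/log/auth.log"
COUNT=$(tail -n 30 "$LOG" | grep -c "FAILED")
if [ "$COUNT" -lt 2 ] && [ -z "$NOTUSINGPAM" ] ; then
    echo "" >"$MYTTY"
    exit 0
fi
# Inhibit the cursor
setterm -cursor off
# Inhibit ctrl-c (SIGINT, 2) and ctrl-z (SIGTSTP, 20)
trap "" 2 20
sleep 0.25
sleep 0.25 ; printf '...and....' >"$MYTTY"
sleep 0.25 ; echo "YOU DIDN'T SAY THE MAGIC WORD!" >"$MYTTY"
sleep 0.25
# Play the video in the background: framebuffer on a console login, Xv when run by hand under X
if [ -z "$NOTUSINGPAM" ] ; then
    mplayer -vo fbdev2 /usr/share/youdidntsaythemagicword.flv >/dev/null 2>&1 &
else
    mplayer -nogui -vo xv /usr/share/youdidntsaythemagicword.flv >/dev/null 2>&1 &
fi
# Flood the terminal with the message while the video plays
COUNT=0
while [ "$COUNT" -le 560 ]
do
    echo "YOU DIDN'T SAY THE MAGIC WORD!" >"$MYTTY"
    sleep 0.05
    COUNT=$((COUNT + 1))
done
setterm -cursor on
exit 0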
- Make it executable
# chmod +x /usr/bin/didntsaythemagicword
- Download this video from YouTube and place it in /usr/share/youdidntsaythemagicword.flv
- Now after every 3 failed logins the video shows up! It works without xorg too!
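Because success=N skips the next N modules, a success number that was not increased after inserting the pam_exec line makes a correct password land on pam_deny.so. The following check is an added example, not part of the original page: it walks the auth lines of a common-auth style file and reports where each success=N jump lands. The function name check_jumps and both sample stacks are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the success=N jumps in a common-auth style stack.
# The two stacks below are constructed samples, not copied from a real system.

# check_jumps FILE: print "<module> -> <landing module>" for every auth line
# with success=N; return 1 if a jump lands on pam_deny.so, on pam_exec.so,
# or past the last auth line (this checker treats all three as errors).
check_jumps() {
    awk '
        function module(l) {
            return match(l, /pam_[a-z0-9_]+\.so/) ? substr(l, RSTART, RLENGTH) : "?"
        }
        $1 == "auth" { stack[++n] = $0 }
        END {
            for (i = 1; i <= n; i++) {
                if (!match(stack[i], /success=[0-9]+/)) continue
                skip = substr(stack[i], RSTART + 8, RLENGTH - 8) + 0
                from = module(stack[i])
                t = i + skip + 1          # success=N skips the next N modules
                to = (t <= n) ? module(stack[t]) : "END"
                print from " -> " to
                if (to == "pam_deny.so" || to == "pam_exec.so" || to == "END") bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

GOOD=$(mktemp); BAD=$(mktemp)
cat > "$GOOD" <<'EOF'
auth [success=3 default=ignore] pam_unix.so nullok_secure
auth [success=2 default=ignore] pam_winbind.so try_first_pass
auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
auth requisite pam_deny.so
auth required pam_permit.so
EOF
# Same stack, but with the success numbers left at their old values
sed -e 's/success=2/success=1/' -e 's/success=3/success=2/' "$GOOD" > "$BAD"

check_jumps "$GOOD" && echo "edited stack: successful logins skip pam_deny.so"
check_jumps "$BAD"  || echo "unedited numbers: successful logins hit pam_deny.so"
```

Run it against a copy of the edited file while a root shell is still open, so a wrong success number can be corrected before logging out.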
software/linux.1379233155.txt · Last modified: 2013/09/15 10:19 by Michele Porelli