Linux
Debian related
APT and packages
- sources.list for i586 and amd64 modified by me (mix of unstable and experimental repository) and gpg keys - updated on 2011-10-15
32 BIT:
$ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/i586/sources.list
64 BIT:
$ sudo wget --output-document=/etc/apt/sources.list http://www.torino19.org/mike/pool/apt/sources.list/amd64/sources.list
- “Dynamic MMap ran out of room” error → You should increase APT::Cache-Limit in your 70debconf file (/etc/apt/apt.conf.d/70debconf)
- Fix BADSIG errors:
$ sudo -i
# apt-get clean
# mv /var/lib/apt/lists /var/lib/apt/lists.old
# mkdir -p /var/lib/apt/lists/partial
# apt-get clean ; apt-get update ; exit
- script to fix GPG keys errors
- Manual removal of a package (last resort!!)
- First try:
dpkg -P --force-all nagios-common
- If still no joy:
List the package contents and take a note of this list
$ dpkg -L nagios-common
go to the directory /var/lib/dpkg/info
$ cd /var/lib/dpkg/info
remove problematic scripts
# rm YOURPACKAGE.*
uninstall package
# apt-get remove --purge YOURPACKAGE
to finish up, remove all files you found previously with 'dpkg -L'
- dlocate is a really useful tool to find which installed package provides a file on your system
- cruft searches for orphan files (not unpacked by dpkg)
- Repack a .deb changing dependencies, provided packages, etc.
- dpkg-repack creates a .deb file out of a debian package that has already been installed
- Unattended upgrades - Automate security upgrades
Packages outside repositories
- Skype 64bit for Debian
How-Tos
- Debian - Le prime cose da fare - My guide written for new Debian users (available only in Italian and really outdated)
- Guide di Debianizzati.org - A lot of guides for Debian (available only in Italian)
- Debian encrypted root - (available only in Italian)
- Booting Loop-AES Encrypted Root from USB Stick - Extreme paranoia!
- “Open terminal here” in Nautilus:
Install the nautilus-open-terminal package. Then you will need to log out and log in again, or simply restart nautilus:
nautilus -q
Alt-F2 -> nautilus
- Configure PulseAudio: (NOTE: Wheezy is pulseaudio ready, this guide is Debian >=6.x only)
- INSTALL PULSEAUDIO
# aptitude install pulseaudio pulseaudio-module-gconf
- ALSA COMPATIBILITY
# nano /etc/asound.conf
(paste this inside:)
pcm.pulse { type pulse }
ctl.pulse { type pulse }
pcm.!default { type pulse }
ctl.!default { type pulse }
- SET PULSEAUDIO AS DEFAULT
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosink pulsesink
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosrc pulsesrc
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/musicaudiosink pulsesink
Note that many other programs should be configured to use PulseAudio, for example mplayer:
# nano /etc/mplayer/mplayer.conf
search "ao=alsa" and replace it with "ao=pulse"
- To automatically mount NFS shares at boot time put in /etc/default/rcS
ASYNCMOUNTNFS="no"
Kernel related
Programming
Networking Tips
Many network cards connected to the same subnet and/or switch fail routing
Obviously you need a strong routing table to avoid lost packets; the trick is to control ARP requests and replies. In your sysctl.conf you should set these parameters:
# this is an IPv4 router
net.ipv4.ip_forward=1
# this is an IPv6 router
net.ipv6.conf.all.forwarding=1
# ignore ARP requests unless the target IP is configured on the receiving interface, to avoid routing problems
# with 2 interfaces in the same subnet (you can also specify the correct interface instead of "all")
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
An excellent reference page about this problem and these fixes.
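To check what a machine actually ends up with, the following added example (not part of the original page) reports the effective arp_ignore and arp_announce per interface; the kernel uses the maximum of the conf/all value and the per-interface value. The interface names eth0/eth1 and the sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report the effective ARP settings per interface.
# The kernel applies max(conf/all/<key>, conf/<iface>/<key>) for arp_ignore
# and arp_announce, so a per-interface value can only raise the "all" value.

arp_effective() {   # usage: arp_effective <conf-dir> <iface> <key>
    all=$(cat "$1/all/$3" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/$3" 2>/dev/null || echo 0)
    if [ "${own:-0}" -gt "${all:-0}" ]; then echo "$own"; else echo "${all:-0}"; fi
}

arp_audit() {       # usage: arp_audit [conf-dir]; returns 1 if any interface is low
    conf=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for d in "$conf"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case "$ifc" in all|default|lo) continue ;; esac
        ign=$(arp_effective "$conf" "$ifc" arp_ignore)
        ann=$(arp_effective "$conf" "$ifc" arp_announce)
        # Compare against the values the page sets: arp_ignore=1, arp_announce=2
        if [ "$ign" -ge 1 ] && [ "$ann" -ge 2 ]; then state=ok; else state=LOW; rc=1; fi
        echo "$ifc $state arp_ignore=$ign arp_announce=$ann"
    done
    return $rc
}

# Constructed sample tree (hypothetical interfaces) so the check runs offline.
make_sample_conf() {   # usage: make_sample_conf <dir>
    for i in all default lo eth0 eth1; do
        mkdir -p "$1/$i"
        echo 0 > "$1/$i/arp_ignore"
        echo 0 > "$1/$i/arp_announce"
    done
    echo 1 > "$1/all/arp_ignore"        # set globally, as on the page
    echo 2 > "$1/eth0/arp_announce"     # set on one interface only
}

tmp=$(mktemp -d)
make_sample_conf "$tmp"
arp_audit "$tmp" || echo "at least one interface is below the page's settings"
rm -rf "$tmp"
```

Calling arp_audit with no argument reads the live tree under /proc/sys/net/ipv4/conf.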
Ping through another gateway (ignoring IP routing table)
This is very useful to check if a device outside our subnet is still alive without compromising the routing table.
$ sudo arping -c 1 -S SOURCE_IP -T DESTINATION_IP MAC_ADDRESS_GW
SOURCE_IP is our IP address
DESTINATION_IP is the IP address of the device to be checked
MAC_ADDRESS_GW is the MAC address of a machine/router available on our subnet able to reach DESTINATION_IP
Multiple internet gateways
Defend your server against DDoS, Bruteforce, etc.
- libapache2-mod-evasive
- libapache2-mod-security
Quick DHCP server
sudo dnsmasq -i eth0 -d --dhcp-range=192.168.89.90,192.168.89.100
Quick HTTP server
python -m SimpleHTTPServer 8000
# Python 3: python3 -m http.server 8000
Quick FTP server
python -m pyftpdlib -p 2121
Useful commands
- List of 16 top-like commands to monitor network/system/hdd/etc.
- 7 bash <del>hidden</del> not well known features - (Available only in Italian)
- Scheduled shutdown/hibernate
# shutdown -h +X # X = minutes to wait before shutdown
# shutdown -h 23:20 # 23:20 = hh:mm, the system waits until the system clock reads 23:20, then shuts down
# sleep Xm ; dbus-send --system --print-reply --dest="org.freedesktop.UPower" /org/freedesktop/UPower org.freedesktop.UPower.Suspend
method return sender=:1.22 -> dest=:1.125 reply_serial=2
# X = minutes to wait before suspend
How-Tos
External
- Mount JFFS2 image - NOTE: for a different endianness you need to convert your image; for example, to mount a MIPS image (big endian) on an x86 PC (little endian), before mounting you must use jffs2dump in this way:
jffs2dump -b -c -e dest_file.little src_file.big
- Unpacking Packages - How to unpack tar, tgz, bz2 and many other packages
- Mode line generator - Enter your monitor/TV spec. and you get the correct modeline to use in your xorg.conf
- Autostart at login - Official specification (works with GNOME/KDE)
Reverse dynamic proxy
ssh remoteuser@remotehost -R forwardedsshport:localhost:localsshport -t "ssh -D dynamicproxyport localuser@localhost -p forwardedsshport"
Authenticate with USB/SD device with automatic lock/unlock - libpam-usb
This is based on 1, 2 and some stuff found on the net. The following steps assume that you are using a Debian-based distro with GNOME as DM.
- Install libpam-usb package
$ sudo apt-get install libpam-usb
- Add support for SD card readers with my patch in order to not waste a USB port :)
- Plug-in your device and create a new token
$ sudo pamusb-conf --add-user YOURUSER
- Add pamusb-agent to your startup applications
$ echo "[Desktop Entry]
Name=pamusb-agent
GenericName=PAM USB Auth
Exec=/usr/bin/pamusb-agent
Terminal=false
Categories=Tools
Type=Application
StartupNotify=false
X-GNOME-Autostart-enabled=true" > ~/.config/autostart/pamusb-agent.desktop
- Change automated actions
$ sudo vi /etc/pamusb.conf
Look for the row containing <user id="YOURUSER"> and append before </user> the following lines
<agent event="lock">dbus-send --type=method_call --dest=org.gnome.ScreenSaver /org/gnome/ScreenSaver org.gnome.ScreenSaver.Lock</agent>
<agent event="unlock">dbus-send --session --dest=org.gnome.ScreenSaver --type=method_call --print-reply --reply-timeout=20000 /org/gnome/ScreenSaver org.gnome.ScreenSaver.SetActive boolean:false</agent>
- Logout/login and see the magic happen :)
Fixed (and automatic) mountpoint for external drives
- Edit your fstab specifying UUID, mountpoint and options (including “auto”)
- Assuming that your device is currently at /dev/sdb, list its udev information:
$ udevinfo -a -p $(udevinfo -q path -n /dev/sdb)
# NOTE: Debian sid has renamed this utility to udevadm. The equivalent command is below:
# udevadm info --name=/dev/sdb --attribute-walk
- take a note of some “unique” (and persistent!) information about your drive, like:
- BUS=="usb" - will match your bus excluding the others (sata, firewire, scsi, etc.)
- SYSFS{product}=="TS128MJFLASHA" - matches the model
- KERNEL=="sd?1" - will only match locations like /dev/sda1, /dev/sdb1 and, more importantly, it won't match nodes like /dev/sda, /dev/sdb, which can be fdisk'ed. Using this value you can automatically mount only some partitions of a single drive.
- Create a new udev rule
sudo nano /etc/udev/rules.d/99-customautomount.rules
- Fill the new rule with your drive information and mount command
# Newer udev releases use SUBSYSTEMS and ATTRS{} in place of BUS and SYSFS{}
BUS=="usb", SYSFS{product}=="TS128MJFLASHA", KERNEL=="sd?1", RUN+="/bin/mount /mnt/Films"
- Restart udev
- Enjoy automatic mounting :)
Make your Gnome 3 terminal transparent
- Install Devil's Pie 2
# apt-get install devilspie2
- Create devilspie2 configuration folder
$ mkdir ~/.config/devilspie2
- Paste this devilspie2 script inside a new file
$ nano ~/.config/devilspie2/terminal.lua
if (get_application_name() == "Terminal") then
    set_window_opacity(0.85)
    set_window_size(1000, 650)
    center()
end
- Run devilspie2 at login
$ nano ~/.config/autostart/devilspie2.desktop
[Desktop Entry]
Type=Application
Exec=/usr/bin/devilspie2
Hidden=false
X-GNOME-Autostart-enabled=true
Name[en_US]=devilspie2
Name=devilspie2
Comment[en_US]=devilspie2
Comment=devilspie2
You didn't say the magic word!
If you are a real hacker you can't imagine something better than a Jurassic Park login!
- Make sure that your distro uses PAM (almost any distro except Slackware uses PAM by default), and that you have mplayer installed
Automatic installation (fully automated deb package for Debian-based distributions, and a Makefile for the others, without PAM configuration)
- See instructions on my GitHub
Manual installation
- edit /etc/pam.d/common-auth
insert this line immediately before the line with the pam_deny.so module
auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
Now edit the two lines above (pam_unix and pam_winbind) and increase the success number in each line by one; for example, if you have success=2, change it to success=3. This is needed to skip our extra line when auth is successful.
- Create a new script in /usr/bin/didntsaythemagicword
#!/bin/sh
# Check current TTY and whether we are in the failed-login (PAM) case or not
if [ -z "$PAM_TTY" ] ; then
    PAM_TTY=`tty`
    NOTUSINGPAM=yes
fi
MYTTY=$PAM_TTY
echo -n "access: PERMISSION DENIED." 1>"$MYTTY"
# How many failed attempts in 5 minutes?
# pam_exec runs this as root and the PAM_* values are chosen by whoever is
# logging in, so the counter lives in a root-only directory under a sanitised
# name and is read back as a number, never sourced as shell code.
if [ -z "$NOTUSINGPAM" ] ; then
    STATEDIR=/var/run/didntsaythemagicword
    mkdir -p -m 700 "$STATEDIR" || exit 0
    KEY=$(printf '%s' "${PAM_RHOST}-${PAM_RUSER}-${PAM_SERVICE}-${MYTTY}-${PAM_USER}" | tr -c 'A-Za-z0-9.-' '_')
    LOG="$STATEDIR/jurassikpark-$KEY.log"
    if [ -n "$(find "$LOG" -mmin +5 2>/dev/null)" ] ; then
        rm -f "$LOG"
    fi
    COUNT_FAILS=0
    [ -f "$LOG" ] && read COUNT_FAILS < "$LOG"
    case "$COUNT_FAILS" in
        ''|*[!0-9]*) COUNT_FAILS=0 ;;
    esac
    COUNT_FAILS=`expr $COUNT_FAILS + 1`
    echo "$COUNT_FAILS" > "$LOG"
    if [ "$COUNT_FAILS" -le 2 ] ; then
        echo "" 1>"$MYTTY"
        exit 0
    fi
fi
# Inhibit cursor
setterm -cursor off
# Inhibit ctrl-c ctrl-z
trap "" 2 20
sleep 0.25
sleep 0.25 ; echo -n "...and...." 1>"$MYTTY"
sleep 0.25 ; echo "YOU DIDN'T SAY THE MAGIC WORD!" 1>"$MYTTY"
sleep 0.25
if [ -z "$NOTUSINGPAM" ] ; then
    mplayer -vo fbdev2 /usr/share/youdidntsaythemagicword.ogv 2>/dev/null 1>/dev/null &
else
    mplayer -nogui -vo xv /usr/share/youdidntsaythemagicword.ogv 2>/dev/null 1>/dev/null &
fi
COUNT=0
while [ $COUNT -le 560 ]
do
    echo "YOU DIDN'T SAY THE MAGIC WORD!" 1>"$MYTTY"
    sleep 0.05
    COUNT=`expr $COUNT + 1`
done
setterm -cursor on
exit 0
- Make it executable
# chmod +x /usr/bin/didntsaythemagicword
- Download this video from youtube and place it in /usr/share/youdidntsaythemagicword.ogv (the path the script above plays)
- Now every 3 failed logins the video shows up! It works without xorg too!
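The success counts from the manual installation step are easy to get wrong, and a wrong count sends a successful login to pam_deny.so. The following added example (not part of the original page or of the project) checks where every success=N jump in an auth stack lands; the sample stack and its module options are constructed in the shape the step describes.

```shell
#!/bin/sh
# Added example: verify where each "success=N" jump in a PAM auth stack lands.
# success=N skips the next N modules, so after inserting one line before
# pam_deny.so every N above it must grow by one.

check_pam_jumps() {   # usage: check_pam_jumps [file]  (reads stdin without a file)
    awk '
        $1 != "auth" { next }                 # also skips comments and blank lines
        {
            n++; skip[n] = 0; mod[n] = $3     # simple form: auth <control> <module>
            if (match($0, /\[[^]]*\]/)) {     # bracketed control: [success=N ...]
                ctrl = substr($0, RSTART, RLENGTH)
                split(substr($0, RSTART + RLENGTH), f, " "); mod[n] = f[1]
                if (match(ctrl, /success=[0-9]+/))
                    skip[n] = substr(ctrl, RSTART + 8, RLENGTH - 8) + 0
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (skip[i] == 0) continue
                t = i + skip[i] + 1
                target = (t <= n) ? mod[t] : "(end of stack)"
                verdict = (target ~ /pam_(deny|exec)\.so/) ? "BAD" : "ok"
                if (verdict == "BAD") bad = 1
                printf "%s success=%d -> %s %s\n", mod[i], skip[i], target, verdict
            }
            exit bad + 0
        }' "$@"
}

# Constructed sample stack; $1 and $2 are the success counts on the pam_unix
# and pam_winbind lines (the module options are assumptions).
sample_stack() {
    cat <<EOF
auth [success=$1 default=ignore] pam_unix.so nullok_secure
auth [success=$2 default=ignore] pam_winbind.so try_first_pass
auth [default=ignore] pam_exec.so seteuid /usr/bin/didntsaythemagicword
auth requisite pam_deny.so
auth required pam_permit.so
EOF
}

sample_stack 3 2 | check_pam_jumps      # counts increased: both land on pam_permit.so
sample_stack 2 1 | check_pam_jumps || echo "success counts were not increased"
```

Run it against a copy of /etc/pam.d/common-auth before logging out, while a root shell is still open.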
Backup a lot of data from a remote (not directly accessible) VM with minimum overhead
- Connect to server
$ ssh user@ip_server -L 1900:ip_vm:1900
- Then connect to your VM
$ ssh user@ip_vm
- Start the listener
$ tar zc * | nc -l 1900
- Open a new terminal and start the receiver
nc localhost 1900 | tar zx
Add a disk to extend an LVM logical volume
- Mark your disk/partition as LVM
# pvcreate /dev/sdX
- Extend the VolumeGroup containing your logical volume
# vgextend VolGroup00 /dev/sdX
- Extend the logical volume
# lvextend -l +100%FREE /dev/VolGroup00/LogVol02
- Extend the filesystem
# resize2fs /dev/VolGroup00/LogVol02