Just a quick tip. If you want to take a screenshot of a certain area of your screen and save it to a file, use the shortcut CTRL + Shift + Print on Ubuntu Linux.
Tag: Ubuntu
[Ubuntu] Automatic Backup of MySQL Databases
Just install automysqlbackup via apt-get.
You can configure the whole system via /etc/default/automysqlbackup
Backups will be sent to /var/lib/automysqlbackup
[PiAndMore] Raspberry Pi Appliances
Here is the presentation to my Appliances Talk @ PiAndMore 7 (Trier, 20.07.2015)
RPiAppliances_PiAndMore7.pdf (0,6 MB, PDF)
[Security Spotlight] Upgrade OpenSSL to 1.0.1g - Heartbleed Bug - Urgent!
So, that's no joke: OpenSSL broke badly!
Here is the background: http://heartbleed.com/
And as there is no zero-hour fix for Ubuntu (including 12.04 LTS...), I decided to take chances and overwrite my existing OpenSSL 1.0.1 with the new code. It worked out flawlessly - but your system could *REALLY* break. That's as dirty as it possibly could get!
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar -xvzf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g/
./config --prefix=/usr
sudo make
sudo make test
sudo make install
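A check to run after a source install like this one (added example, not part of the original post; the function names and sample data are made up for illustration). It classifies what `openssl version` reports and shows which libssl/libcrypto files a running process actually has loaded, because daemons started before the install keep using the old code until they are restarted.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Sample inputs are constructed.

# Classify `openssl version` output for an UPSTREAM source build.
# Upstream 1.0.1 through 1.0.1f contain Heartbleed; 1.0.1g fixes it.
# Distribution packages backport the fix without changing the letter, so
# this only means something for a build from openssl.org like the one above.
heartbleed_status() {        # usage: heartbleed_status "OpenSSL 1.0.1f 6 Jan 2014"
    local ver
    ver=$(printf '%s\n' "$1" | awk '{ print $2 }')
    case "$ver" in
        1.0.1|1.0.1[a-f]|1.0.1[a-f]-*) echo vulnerable ;;
        1.0.1[g-z]*)                   echo fixed ;;
        *)                             echo other-branch ;;
    esac
}

# Report which libssl/libcrypto files a process has loaded, reading the text
# of /proc/<pid>/maps on stdin. "stale" = the file was replaced or removed on
# disk after it was mapped, so the process still runs the old code.
openssl_maps() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ {
             state = ($7 == "(deleted)") ? "stale" : "mapped"
             print state, $6
         }' | sort -u
}

# Walk every process the caller may inspect (run as root to see them all).
scan_processes() {
    local maps pid libs
    for maps in /proc/[0-9]*/maps; do
        libs=$( { openssl_maps < "$maps"; } 2>/dev/null ) || continue
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        printf '%s\n' "$libs" | sed "s|^|pid $pid: |"
    done
}

# Constructed sample of one daemon's /proc/<pid>/maps after the install.
SAMPLE_MAPS='7f3a10000000-7f3a10055000 r-xp 00000000 08:01 393301 /usr/lib/libssl.so.1.0.0 (deleted)
7f3a10400000-7f3a105b0000 r-xp 00000000 08:01 393288 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f3a10a00000-7f3a10bb5000 r-xp 00000000 08:01 393222 /lib/x86_64-linux-gnu/libc-2.15.so'

heartbleed_status "OpenSSL 1.0.1f 6 Jan 2014"      # constructed input
printf '%s\n' "$SAMPLE_MAPS" | openssl_maps
```

Call `scan_processes` as root on the real machine: a "stale" line means that service needs a restart, and a "mapped" path tells you which copy of the library the service uses, so you can compare it with where `make install` put the new files.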
[Ubuntu 12.04] Resolve Grub Boot Problems
If you killed your trusty grub (e.g. by a new install of Windows 8.. :/) you can repair it quite easily:
- Boot with an Ubuntu 12.04 Live CD
- CTRL + ALT + T
sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair
And click on the repair button! Done!
Disable Root Account in Ubuntu
A freshly installed Ubuntu has the root account set to the best and most secure state ever: DISABLED!
But if you use ready-made appliances and such, most of these Ubuntu appliances come with an enabled root account. How to disable this account? Easy:
sudo usermod -p '!' root
Source: http://serverfault.com/questions/178080/how-do-i-disable-root-login-in-ubuntu
[Ubuntu 12.04] EEE PC 1015 PN with Ubuntu 12.04 LTS
I could not help myself but felt the need to have at least one real "Dual Boot" system (not VMWare stuff) - so I set up my Asus EEE PC 1015 PN with Ubuntu 12.04 LTS according to mtron's excellent tutorial ( https://sites.google.com/site/mtrons/howtos/eeepc-1015pn ), which worked right out of the box.
But - as I had some trouble with the old Broadcom Wifi/BT card in Windows 7, I went for an Intel 6250 AGN/WiMax card. I do not use WiMax and would love a BT option - but the price point of that card on ebay finally got me to press the "Buy now" button. I thought "Well, it is an Intel card - that should work quite well and stop throwing me out of the University Wifi with no chance but doing a hard reboot of the laptop to solve the problem" - yeah - it really did. BUT - somehow, after some time and updates to the Ubuntu system, I lost connectivity: Network Manager was nagging for the password all the time - without a reason. Finally I found the solution on this website: http://askubuntu.com/questions/104651/how-do-i-get-wireless-working-on-an-asus-notebook-u56e - with some changes.
For kernels > 3.1, the wifi driver is no longer called iwlagn but iwlwifi, so your changes go in like this:
sudo vi /etc/modprobe.d/iwl.conf
and add these options to the file. The first deactivates the non-existent BT module on the card, the second disables N networks, which could avoid other problems:
options iwlwifi bt_coex_active=0
options iwlwifi 11n_disable=1
Reboot and you are done
Another problem was the Optimus system: the dual GPU option of the system, packing an Intel GMA as well as an Nvidia ION graphics chip on the board, with the choice of changing between both on the fly. That *did* work according to mtron's guide, BUT after a kernel upgrade the acpi_call module did not work anymore - and with that the optimus tool. Help for that problem could be found here: http://hybrid-graphics-linux.tuxfamily.org/index.php?title=Acpi_call with the following changes:
cd /usr/src/acpi_call-1.1.1/
# got a newer version of acpi_call
sudo dkms add -m acpi_call -v 1.1.1
# did throw an error as the module already existed
sudo dkms build -m acpi_call -v 1.1.1
# rebuild the module
sudo dkms install -m acpi_call -v 1.1.1
# reinstalled it to the kernel
sudo modprobe acpi_call
# reload module
modinfo acpi_call
# show some infos
And that's it!
I am quite happy with the performance of Ubuntu on the system and I will keep it a while. I also tried the latest Debian, but was not that satisfied with it :/! So long!
SSH Tunneling
One of the most important things when working in "dangerous" networking environments is protection.
And by that I don't mean the usual (and important!) anti-virus, anti-malware and firewall software, but traffic tunneling, meaning VPN or SSH.
SSH is the secure equivalent of the good old (and plaintext-transmitted) Telnet. And it's also more powerful: its use is not limited to remote control, but it can also provide a secured data tunnel through which all your traffic to your remote location (e.g. a MySQL database, a web or mail server, or the web itself) is tunneled - and encrypted. That gives little to no chance to Wireshark users and other cable tappers or SPAN users.
So lets go:
1. Setting up the SSH Server
Setting up an SSH server is as simple as:
apt-get install openssh-server
if you're running Debian or Ubuntu.
Optionally you can configure that the "root" account
won't be able to log in via SSH, and you can configure that
plaintext passwords aren't allowed. We will go for a key-based setup here,
but I would recommend not shutting down this plaintext password authentication
if you can't easily access the machine physically (as the certificates are only valid
for one year...).
2. Configuring the SSH Server
vi /etc/ssh/sshd_config
- change Port to 18000
Port 18000
// That's a must!
- deactivate root access
PermitRootLogin no
// That's optional; with "no", your root account is NOT allowed to log in via SSH.
// Only set that if you know what you're doing!
- deactivate password login
PasswordAuthentication no
// That's optional as well, you can set that after this whole thing,
// once you have working SSH key authentication - but beware,
// you won't be able to log in with a password then!
// ( And that will hurt if your keys are expired and don't work anymore... )
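A way to check that the settings from steps 1 and 2 really took effect (added example, not part of the original post; the function names and the sample config are made up for illustration). sshd uses the first value it reads for a keyword, so a correct line further down the file can be silently overridden by an earlier one.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. The config text is constructed.

# Print the value sshd would use for a global keyword. sshd keeps the FIRST
# value it reads for each keyword, keywords are case-insensitive, and
# everything after a "Match" line is conditional, so scanning stops there.
sshd_effective() {               # usage: sshd_effective <keyword> <config-text>
    printf '%s\n' "$2" |
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # end of the global section
        tolower($1) == want { print $2; exit } # first occurrence wins
    '
}

# Compare a config with the values chosen in this post (hypothetical helper).
# Prints one line per deviation and nothing when all three settings match.
audit_tunnel_sshd() {            # usage: audit_tunnel_sshd <config-text>
    local spec key want got
    for spec in Port=18000 PermitRootLogin=no PasswordAuthentication=no; do
        key=${spec%%=*}
        want=${spec#*=}
        got=$(sshd_effective "$key" "$1")
        if [ "$got" != "$want" ]; then
            printf '%s: effective value is "%s", expected "%s"\n' \
                "$key" "${got:-<default>}" "$want"
        fi
    done
}

# Constructed sample: root login left enabled, and a late
# "PasswordAuthentication no" that never applies because an earlier line wins.
SAMPLE_SSHD_CONFIG='# constructed sample
Port 18000
permitrootlogin yes
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
Match User tunnel
    PermitRootLogin no'

audit_tunnel_sshd "$SAMPLE_SSHD_CONFIG"
```

On the real server, `sudo sshd -T` prints the effective settings as sshd itself computed them, and `sudo sshd -t` checks the file for syntax errors before you restart the service.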
3. Configure Router (NAT and Firewall) to Allow Access to your SSH Server.
Use Dynamic DNS (e.g. DynDNS.org) to get a dynamic DNS address.
( Means that an address like myserver.dyndns.org will always point to
the dynamically changing IP address of your router. Most routers have a
DynDNS client built in, so they update the DynDNS account on every IP change -
look it up in the handbook / config menu)
4. Setting up an SSH User with Restricted Shell Access
sudo apt-get install rssh
// Installs the restricted shell
sudo useradd tunnel -m -s /usr/bin/rssh
// Creates a user named tunnel with the restricted shell
sudo passwd tunnel
// Enter the password you want for the user
5. Setting up Squid HTTP Proxy
sudo apt-get install squid
6. Creating the Connection using Putty and Setting up the Clients
Download the Putty installer from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
and install. Then open Putty:
Session -> Hostname and Port: Enter your DynDNS address and the port you chose for SSH
Connection -> Enable TCP Keepalives
Connection -> SSH -> Don't start a shell or command at all
Connection -> SSH -> Enable compression
Connection -> SSH -> Tunnels: Source Port you can choose, e.g. 20000
// Source Port is the port where the tunnel will end on your "Client PC"
Connection -> SSH -> Tunnels: Destination Port localhost:3128
// Destination Port is in that case the server (localhost) and port 3128
// which is the Squid Proxy. But it could also be something like
// IPofyourRouter:21 to forward the Telnet of your Router to Port 20000 on
// the Remote PC, or IporNameofyourHomePc:3389 to forward the Windows
// Remote Desktop - or anything else. You would then connect with the
// Remote Desktop Tool to "localhost:20000" to Access your PC at Home.
Session -> Press Save and Save the Session
Session -> Press Open and enter your login, e.g. tunnel, and password
You won't see anything as it stays open and "nothing happens".
Go to your Internet Explorer \ Firefox and enter as Proxy localhost, Port 20000
Internet Explorer:
Extras, Internet Options, LAN Settings, Choose Proxy Server for LAN
Enter localhost, Port 20000
Firefox:
Extras, Settings, Advanced, Network, Settings
Manual Proxy Configuration, HTTP Proxy: localhost, Port 20000
For all Protocols
And now you'll be able to surf the Web Securely from everywhere through your
secured Tunnel!
WARNING: ONLY the traffic is secured. Your DNS lookups STILL go to your local
DNS server. So e.g. the local DNS admin can see that you were surfing on
e.g. Google, Facebook or so - but can't see what you transmitted there.
To change that and also tunnel DNS via SSH, do this:
Internet Explorer:
don't know, isn't working
Firefox:
// Enter in the URL Bar:
about:config
// Look for this string and set it to "true"
network.proxy.socks_remote_dns
Only one thing left to do:
Set up key-based authentication.
Key-based authentication has two main advantages:
a) You can use it to allow scripts to identify themselves via the key and use ssh
b) It's more secure, as the key checks its server part and tells you if your
connection has been redirected or intercepted. It's the way to go.
Creating keys:
su
// Enter the password for root access
ssh-keygen -t rsa -b 2048
Just "enter" through everything
Installing keys:
cd /home/tunnel/
mkdir .ssh
chmod 700 .ssh/
cd .ssh/
touch authorized_keys
cat ~/.ssh/id_rsa.pub > authorized_keys
chmod 600 authorized_keys
cd ..
chmod 700 .ssh/
chown tunnel -R .ssh/
exit
Download the key id_rsa from /root/.ssh/ via WinSCP to your PC
Start puttygen, which was installed along with Putty by the Putty installer.
Load the id_rsa in Putty and press on "Save Private Key"
Using key-based authentication with Putty:
Open Putty and load your preset
Connection -> SSH -> Auth
And use the "Private Key File for Authentication" field to point to your previously
set private key (whether encrypted or not isn't important at this point).
Go again to Session and Save again. Press Open.
You'll be asked to enter your username and passphrase (if you have one).
If you want to really automate that, you can even specify your username in
Putty under SSH -> Connection -> Data "Auto Login Name"
Get the Ethernet Card Working Again in Linux under ESXi
After installing Ubuntu Server on Vmware ESXi, I couldn't find a NIC:
sudo /etc/init.d/networking restart
* Reconfiguring network interfaces...
eth0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
eth0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
eth0: ERROR while getting interface flags: No such device
eth0: ERROR while getting interface flags: No such device
Failed to bring up eth0.
The problem is that the Ethernet MAC addresses are cached.
To remove the cache values:
sudo rm /etc/udev/rules.d/70-persistent-net.rules
Reboot, and it should work.
Other NIC files:
* /etc/hosts - change ip address and hostnames
* /etc/hostname - change hostname
* /etc/network/interfaces - change ip address