Debian/Ubuntu Tips and Tricks

Debuntu

Debian/Ubuntu Tips and Tricks

Archive for the 'System' Category

How Tos on running a debian/ubuntu linux system from getting over troubles, configuring X, bash scripting… Anything related to your local system.

How-To: Fight SPAM with Postfix RBL

Posted by chantra on 26th September 2013

Spam, spam everywhere! If you are hosting your own mail server, fighting spam can become tricky. Antispam solutions do catch a fair amount of them, but still many spam email can still make their way through.

RBL (Real-time Blackhole) is a database of known spammy IPs which is accessible over DNS. Depending on the response received from the DNS server, the IP is classified as spammy or not.

This tutorial will show you how to set up RBL with postfix.

Read the rest of this entry »

Tags: , , ,
Posted in Administration, HowTo, Networking, System | 1 Comment »

How-To: using Python Virtual Environments

Posted by chantra on 3rd September 2013

A nice thing about Python is that there is tons of modules available out there. Not all those modules are readily available for your distro and even if there were, chances are that a newer release with new features is already out there.

You might not always want to install those modules system wide, either because there might not be any need for it, or because they could clash with the same module install via package management.

To answer this problem, python has a virtualenv that will let you create multiple virtual python instances within which you will be able to install whichever modules you might need. All this without requiring root pribileges.

Read the rest of this entry »

Tags: , ,
Posted in HowTo, Softwares, System | No Comments »

How-To: Automatically logout idle bash session

Posted by chantra on 15th July 2013

It can be useful to have a bash session automatically closing after some time. One of the obvious reason you might want this to happen is to make sure that no console is left with root access unwillingly.

Bash comes ready for this and can be configured to automatically terminate after waiting for activity for a given time.

Read the rest of this entry »

Tags: , ,
Posted in Administration, General, HowTo, System | No Comments »

How-To: Make a file Immutable/Write protected

Posted by chantra on 10th June 2013

There might be time when you want to make sure that a file will be protected from accidental/automated change/deletion. While one can protect a file/directory in some ways by removing write permissions using standard file permission on Unix already can save you from some situations, there is more that can be done on Linux.

Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, System | 2 Comments »

How-To: tail multiple files with multitail

Posted by chantra on 29th April 2013

Many times you will end up tailing multiple files simultaneously. There is a sweet linux utility called multitail that will let you tail multiple files at the same time within the same shell.

And not only will you be able to tail multiple files! You will also be able to run multiple commands and tail their outputs!

Read the rest of this entry »

Tags: , ,
Posted in Administration, HowTo, System | No Comments »

How-To: Reboot on OOM

Posted by chantra on 17th April 2013

Ever had your linux box getting Out of Memory (OOM)? Cleaning up after the OOM killer kicked in to find out that even though OOM killer did a decent job at trying to kill the bad processes, your system ends up in an unknown state and you might be better of rebooting the host to make sure it comes back up in a state that you know is safe.

Read the rest of this entry »

Tags: , , , ,
Posted in Administration, HowTo, System | 1 Comment »

How-To: Bash Parameter Expansion and String Manipulation

Posted by chantra on 19th February 2013

Last time we saw how bash can help us in handling default values out of the box using parameter expansion. This time we will see how basic string operations (nonetheless common and useful) can also be achieved using bash.

There is many ways to do string manipulation with bash, like finding a filename extension using expr, separating the directory part from a filename using dirname and basename.... or even more sophisticated ones based on regex, sed....

Why using a sledgehammer to crack a nut when you could use bash builtin functionalities!

Read the rest of this entry »

Tags: , , ,
Posted in Administration, HowTo, Softwares, System | No Comments »

How-To: Bash Parameter Expansion and Default Values

Posted by chantra on 28th January 2013

Bash is a sh-compatible command language interpreter that executes commands read from the standard input or from a file.
There is much more to bash than running a sequence of commands, one of the features bundled with bash is parameter expansion.

Any shell user has most likely used shell variables, be it $1 or $myvar, to save values... but there is more to it. This tutorial will cover a subset of shell parameter expansion that can become really handy and save you a lot of time.

Read the rest of this entry »

Tags: , , ,
Posted in Administration, HowTo, Softwares, System | No Comments »

Mastering Top

Posted by chantra on 22nd January 2013

top is most likely one of the most known Linux command and also one of the most used one, however most people do not take full advantage of its capabilities.

In this tutorial, we will see a few usages of top that will make allow you to get more out of it.

Read the rest of this entry »

Tags: , ,
Posted in Administration, HowTo, System | 4 Comments »

How-To: OpenVPN on Debian Squeeze with Username/Password authentication

Posted by chantra on 16th January 2013

Client configuration

To get the client configuration set, you will need to provide the following file:

  • ta.key
  • ca.crt

# mkdir clientconfig
# cp /etc/openvpn/easy-rsa/2.0/keys/{ca.crt,ta.key} clientconfig/

And finally create the config file clientconfig/client.ovpn

client
dev tun
proto udp
# change to your vpn server
remote 172.16.132.5 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
ns-cert-type server
tls-auth ta.key 1
# in UDP mode, explicitely notify
# the server that we exit
# send up to 3 attempts
explicit-exit-notify 3
comp-lzo
verb 3
auth-user-pass

Finally, provide the clientconfig folder and its content to a client.

I would recommend using network-manager-openvpn package on Debian/Ubuntu. It is a easy as importing the configuration through network-manager wizard.

Another way to connect to your newly intalled openvpn server is to run the following command:

chantra@fb-ubu1210-64:~/clientconfig$ sudo openvpn ovpn.ovpn
Tue Jan 15 20:22:14 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct  8 2012
Enter Auth Username:chantra
Enter Auth Password:
Tue Jan 15 20:22:22 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 15 20:22:22 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jan 15 20:22:22 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 LZO compression initialized
Tue Jan 15 20:22:22 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Jan 15 20:22:22 2013 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Jan 15 20:22:22 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 15 20:22:22 2013 Local Options hash (VER=V4): '504e774e'
Tue Jan 15 20:22:22 2013 Expected Remote Options hash (VER=V4): '14168603'
Tue Jan 15 20:22:22 2013 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Jan 15 20:22:22 2013 UDPv4 link local: [undef]
Tue Jan 15 20:22:22 2013 UDPv4 link remote: [AF_INET]172.16.132.5:1194
Tue Jan 15 20:22:22 2013 TLS: Initial packet from [AF_INET]172.16.132.5:1194, sid=8c1e69ca 24d3f240
Tue Jan 15 20:22:22 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 15 20:22:22 2013 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston CA/emailAddress=me@myhost.mydomain
Tue Jan 15 20:22:22 2013 VERIFY OK: nsCertType=SERVER
Tue Jan 15 20:22:22 2013 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston CA/emailAddress=me@myhost.mydomain
Tue Jan 15 20:22:22 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 15 20:22:22 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 15 20:22:22 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 15 20:22:22 2013 [frd1h01] Peer Connection Initiated with [AF_INET]172.16.132.5:1194
Tue Jan 15 20:22:24 2013 SENT CONTROL [frd1h01]: 'PUSH_REQUEST' (status=1)
Tue Jan 15 20:22:24 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: route options modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: route-related options modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jan 15 20:22:24 2013 ROUTE default_gateway=172.16.132.2
Tue Jan 15 20:22:24 2013 TUN/TAP device tun0 opened
Tue Jan 15 20:22:24 2013 TUN/TAP TX queue length set to 100
Tue Jan 15 20:22:24 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jan 15 20:22:24 2013 /sbin/ifconfig tun0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Tue Jan 15 20:22:24 2013 /sbin/route add -net 172.16.132.5 netmask 255.255.255.255 gw 172.16.132.2
Tue Jan 15 20:22:24 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Tue Jan 15 20:22:24 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Tue Jan 15 20:22:24 2013 GID set to nogroup
Tue Jan 15 20:22:24 2013 UID set to nobody
Tue Jan 15 20:22:24 2013 Initialization Sequence Completed

That's it, you should now be able to connect to your OpenVPN server and encrypt all the traffic between your workstation and your server!

Tags: , , , ,
Posted in Administration, HowTo, Networking, Softwares, System | No Comments »