Archive

For the Linux category

Script to create a shared git project

No Comments

This script creates a git project to be shared among the users of the Unix group $GIT_GROUP. Every git project will be created into the directory $REPOSITORIES_BASE_DIR.

#!/bin/bash

# Base directory where the shared git project are.
REPOSITORIES_BASE_DIR="/home/git"
# Group in which the user's of the repositories must be a member of
GIT_GROUP=git

if [ $# -ne 1 ]; then
        echo 'Usage:' `basename $0` 'project-name'
        exit 1
fi

PROJECT_NAME=$1

cd "$REPOSITORIES_BASE_DIR"
git init --shared --bare "$PROJECT_NAME"
cd ..
find git/$PROJECT_NAME -type d | xargs setfacl -R -m d:g:$GIT_GROUP:rwX
sudo setfacl -R -m g:$GIT_GROUP:rwX git/$PROJECT_NAME

Make Linux use the hardware clock set to local time

No Comments

Ubuntu sometimes assumes that the hardware clock of the computer is set to GMT. If the hardware clock is set to local time, set UTC=no in /etc/default/rcS.

Move and secure the MySQL data directory

No Comments

By default, the data directory of MySQL is /var/lib/mysql. This can be a security issue, especially on a laptop. If your home directory is encrypted, you can easily secure you MySQL data. Backup you data before using this information. Read the procedure until the end before doing anything.

First, follow these steps to move the data directory of MySQL.

  1. Stop MySQL.
  2. sudo service mysql stop
  3. Copy the current database to its new location /home/yourhomedir/mysql.
  4. sudo mv /var/lib/mysql /home/yourhomedir/
  5. Create a link to prevent issues with innoDB tables
  6. ln -s /home/yourhomedir/mysql /var/lib/mysql
  7. Change the value of datadir in the file /etc/mysql/mysql.conf.d/mysqld.cnf for your new data directory location /home/yourhomedir/mysql
  8. Modify the two occurences of /var/lib/mysql with /home/yourhomedir/mysql in /etc/apparmor.d/usr.sbin.mysqld
  9. Reload apparmor
  10. sudo service apparmor reload

If you moved the MySQL data directory to an encrypted home directory, you will need to perform these supplementary steps.

  1. Disable MySQL from starting at system boot.
  2. sudo update-rc.d mysql remove
  3. Add MySQL to the group related to the user that owns the encrypted home directory
  4. sudo usermod -a -G yourhomedir mysql
  5. Change the permissions of the encrypted directory
  6. sudo chmod 750 /home/yourhomedir

In this scenario, you will need to start MySQL after you logged on and shut it down before loggoff which include shutting down the system. To start mysql, use the following command:

sudo service mysql start

To stop MySQL, use the following command:

sudo service mysql stop

If everything works fine, you can remove the original MySQL data directory using this command:

sudo rm -fr /var/lib/mysql

Interrupt NodeMCU init.lua

No Comments

It can be sometimes challenging to regain control of the NodeMCU running on a ESP8266 when init.lua has a tight loop in it.  To do so,  first, download esptool.py from GitHub.

Execute the following command

python esptool.py --port /dev/ttyUSB0 --baud <baud-rate> erase_flash

where

<baud-rate> is the baud rate of the connection between the ESP8266 and your PC.  Typically, 9600.

<serial-port> is the serial port the ESP8266 is connected to.  Typically,  /dev/ttyUSBn on Linux.

After having done this, you will need to re-install NodeMCU.  It can be done using the following command:

python esptool.py --port /dev/ttyUSB0 --baud <baud-rate> 
     write_flash 0x00000 <nodemcu-path>

where

<baud-rate> is the baud rate of the connection between the ESP8266 and your PC.  Typically, 9600.

<serial-port> is the serial port the ESP8266 is connected to.  Typically,  /dev/ttyUSBn on Linux.

<nodemcu-path> is the filename an path of the NodeMCU image.  Example: ../nodemcu_float_0.9.6-dev_20150704.bin

Make an Apache2 SSL server more secure

No Comments

These easy steps will improve significantly the security of your Apache2 SSL server. Edit your /etc/apache2/mods-enabled/ssl.conf file and replace the SSLProtocol, SSLCipherSuite and SSLHonorCipherOrder parameters with the following values.

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3

How to Install libnfc for PN532 NFC Readers on Linux

2 Comments

Installing libnfc for PN532 based NFC reader is not exactly as described in the documentation. Some information is scattered in the documentation. This installation guide has been tested with the GO2NFC GO2NFC141U NFC Reader and the Adafruit PN532 NFC/RFID controller breakout board.

1) Install the dependencies:

sudo apt-get install libusb-0.1-4 libusb-dev libpcsclite1 libpcsclite-dev libccid pcscd

2) Create the configuration directory

sudo mkdir -p /etc/nfc/devices.d/

3) Create the file /etc/nfc/devices.d/pn532_uart.conf containing

name = "PN532 board via UART"
connstring = pn532_uart:/dev/ttyACM0
allow_intrusive_scan = true

Replace ttyACM0 with ttyUSB0 if you are using the Adafruit reader.

5) Create the file /etc/nfc/libnfc.conf containing

allow_autoscan = true

6) Download the libnfc library at https://bintray.com/nfc-tools/sources/libnfc. Decompress the archive somewhere. Go into the libnfc-x.x.x directory.

7) Build the library

sudo ./configure --sysconfdir=/etc --prefix=/usr --with-drivers=pn532_uart
sudo make
sudo make install

8) Test your installation. Execute the command utils/nfc-scan-device. You should get an output similar to this one:

nfc-scan-device uses libnfc 1.7.1
1 NFC device(s) found:
- pn532_uart:/dev/ttyACM0:
pn532_uart:/dev/ttyACM0

How To Setup an Internet Gateway using Ubuntu

No Comments

Setting up an Internet Gateway using Ubuntu is pretty straight forward. In order to do so, you will need:

  1. A computer with two network interfaces. One hooked to your WAN connection, the other one to your LAN.
  2. The computer needs Ubuntu installed with a minimum of software installed.
  3. Copy the script below to your gateway machine in /etc/network/if-up.d/00-my-gateway. Make sure that the script has the execute permission.
  4. Update the LAN and WAN variables in the script. For example, if eth0 is your WAN interface and eth1 is your LAN interface, then set WAN=eth0 and LAN=eth1.
  5. Reboot.

This script configures the Ubuntu Firewall to forward LAN traffic to the Internet but drops all unsolicited incoming traffic from the Internet. Your network will be stealth. You can use the online tool ShiedlsUP! at https://www.grc.com to test it.


#!/bin/bash

PATH=/usr/sbin:/sbin:/bin:/usr/bin

# Interfaces
LAN=lan
WAN=wan

#
# Delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Loopback traffic.
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow connections from the $LAN to the $WAN.
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

# Enable masquerading.
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# No forwarding from the $WAN to the $LAN.
iptables -A FORWARD -i $WAN -o $WAN -j DROP

# Drop everything else from the WAN ... Stealth mode.
iptables -A INPUT -i $WAN -j DROP

Java Applets are no longer working in Linux

No Comments

NPAPI support was dropped in Chrome version 35 introduced in Spring 2014. One of the consequences is that Java Applets running with IcedTea no longer works.

Upgrading to Ubuntu 14.04 install the newest version of Chrome. You then lose the ability to run IcedTea in Chrome. The only alternative I have found is using Firefox.

How to restore the Arduino Bootloader?

No Comments

It can be easily done using Linux. This procedure is for the 328p processor. It can easily be adapted for a 168 processor. You will need an ICSP. First, make sure that avrdude is installed. It can be installed by issuing the command:

sudo apt-get install avrdude

You will need to retrieve the bootloader. It can be found in the hardware/arduino/bootloaders/atmega directory in the 1.0.5 Arduino IDE download. It is named ATmegaBOOT_168_atmega328.hex.

  1. Put the chip on an Arduino board.
  2. Connect the ICSP to the Arduino board.
  3. Power the Arduino with an external source.
  4. Connect the ICSP to the computer. Find its serial port. Most of the time, it is listed in the system log. The command ‘dmesg’ can be used to find it out. Look at the last lines.
  5. Open a command line window.
  6. Issue the following commands. Replace /dev/ttyACM0 by the proper ICSP port.
    /usr/bin/avrdude -c avrispv2 -p m328p -P /dev/ttyACM0 -e

    /usr/bin/avrdude -c avrispv2 -p m328p -P /dev/ttyACM0 -U flash:w:ATmegaBOOT_168_atmega328.hex

  7. Unplug the ICSP and reset the Arduino board.

How to rename a user in Linux

No Comments

Simply issue this command:

usermod -m -d /home/new-account-name -l new-account-name old-account-name

It creates the home directory if it does not exists. It also copy the stuff of the old user into the new user account.

How to use the command line to make the internal speaker beep

No Comments

Two simple steps:

Install the beep utility. Executing beep on the command line will make the internal speaker beep.

apt-get install beep

Add pcspkr to /etc/modules to load it at boot time. You can load it manually by executing

modprobe pcspkr

How to assign a static IP address in Ubuntu

No Comments

Setting a static IP address in Ubuntu involves editing /etc/network/interfaces. If the interface is currently using DHCP, you will find these lines in the file.

auto lan
iface lan inet dhcp

You will have to replace the above lines with a section that looks like:

auto lan
iface lan inet static
address 192.168.1.80
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.200
dns-nameservers 8.8.8.8

Make the changes effective by either rebooting or by issuing this command:

sudo /etc/init.d/networking restart

How to change the network interface name in Ubuntu 12/13

No Comments

Two files need to be modified to change the name of a network interface in Ubuntu. For example, if you want to change eth0 for lan, simply change the NAME attribute from eth0 to lan in these files and reboot. Do not modify the KERNEL attribute.

/etc/udev/rules.d/70-persistent-net.rules
/etc/network/interfaces

How to find duplicate files on Linux?

No Comments

It is pretty straight forward in Linux, install fdupes.

sudo apt-get install fdupes

Type the following command to display the documentation

man fdupes

Ralink RT5572 based WiFi Usb Dongle setup on Ubuntu 12.04

44 Comments

The WiFi USB dongles based on the newest RT5572 chip set do not work out of the box on Ubuntu.  Unex DNUR-V72, D-Link DWA-160 Rev B and TP-Link TL-WDN3200 dongles are based on this chipset.

You will need to compile the source code of the driver to make it work.  Do not leave this page!  This involves only a few easy steps.

1. Save this page’s link.  You will have to reboot and come back to it.

2. Un-plug the WiFi USB dongle from your computer.

3. Reboot your computer.

4. Download the driver’s source code from the manufacturer website. Alternatively, you can download a version of this file from this site. Files have been already edited. Steps 9, 10 and 11 are then unnecessary. Note that the filename is slightly different (DPO_RT5572_LinuxSTA_2.6.0.1_20120629_EDITED.tar.bz2.bz2).

5. Open a terminal window.

6. Change to the directory that contains the driver’s source code downloaded previously.  For example,

cd /home/myuser/Downloads

7. Extract the source code.  You might need the modify the file name since Mediatek may publish newer source code.  For example (there is two bz2 extensions!),

tar xvf DPO_RT5572_LinuxSTA_2.6.0.1_20120629.tar.bz2.bz2

8. Change to the source code directory

cd DPO_RT5572_LinuxSTA_2.6.0.1_20120629

9. Edit the file os/linux/config.mk.  Set to y the two variables HAS_WPA_SUPPLICANT and HAS_NATIVE_WPA_SUPPLICANT_SUPPORT.  Your file shall shows

# Support Wpa_Supplicant
# i.e. wpa_supplicant -Dralink
HAS_WPA_SUPPLICANT=y
# Support Native WpaSupplicant for Network Manager
# i.e. wpa_supplicant -Dwext
HAS_NATIVE_WPA_SUPPLICANT_SUPPORT=y

10. Edit the file os/linux/usb_main_dev.c. Add a line containing MODULE_LICENSE(“GPL”);. This line is important. The position of the line is important. Your file shall shows

MODULE_DESCRIPTION("RT2870 Wireless Lan Linux Driver");
MODULE_LICENSE("GPL");
#ifdef CONFIG_STA_SUPPORT
#ifdef MODULE_VERSION

11. Edit the file common/cmm_mac_usb.c and add the lines “#define usb_buffer_alloc(a, b, c, d) usb_alloc_coherent(a, b, c, d)” and “#define usb_buffer_free(a, b, c, d) usb_free_coherent(a, b, c, d)“. The position of the lines is important. Your file shall shows

#ifdef RTMP_MAC_USB

#define usb_buffer_alloc(a, b, c, d) usb_alloc_coherent(a, b, c, d)
#define usb_buffer_free(a, b, c, d) usb_free_coherent(a, b, c, d)

#include        "rt_config.h"

12. In the same directory as step #8, compile the driver’s source code. Type the following command:

sudo make

13. Install the driver. Type the following command:

sudo make install

14. Plug your WiFi USB dongle.
15. After a few seconds, you should see an interface called ra0 if you type the following command:

sudo ifconfig

16. Configure your connection as you would normally do.

Recording a terminal session under Linux

No Comments

It is possible to record a terminal session under Linux with ttyrec. It also records vi, emacs, etc. sessions.

Fisrt, install ttyrec

sudo apt-get install ttyrec

To start recording a session:

ttyrec

To replay a session recording:

ttyplay ttyrecord

A step by step guide to setup a Bluetooth keyboard and mouse on the Raspberry PI

82 Comments

A lot of people is having problem setting up a Bluetooth keyboard and mouse on the Raspberry PI. Things get more complicated when your wired keyboard or mouse does not work or prevent your Bluetooth dongle from working. There is hope. This step by step procedure will let you install them or at a minimum let you know what does not work. It uses only the command line interface. It is targeted for the Wheezy Debian distribution.

    • First of all, if you already tried to set them up and they do not work, start with a fresh install of the OS. This will rule out anything you have done before that would prevent this procedure from working.
    • Plug the Bluetooth dongle directly on the Raspberry PI board.
    • Boot the Raspberry PI and connect to it using SSH from another computer if possible.  Otherwise, use a wired or wireless keyboard. Logon as pi, password raspberry.
    • Switch to root
sudo bash
    • Install all the updates.  It will take a while.
apt-get update
apt-get upgrade
    • Enable dbus
update-rc.d -f dbus defaults
    • Reboot
reboot
    • Reconnect as described above. Logon as pi, password raspberry. Switch to root.
    • Install the required packages.  It will take a while.
apt-get install bluetooth bluez-utils blueman
    • Reboot and reconnect as described above. Logon as pi, password raspberry. Switch to root
    • Make sure that your Bluetooth dongle is recognized. If not, unplug it and re-plug it.
lsusb
    • Make your Bluetooth device discoverable. Refer to the device manual.
    • Make sure that your device is seen by the Raspberry PI. Take note of its MAC address (ex. 75:EF:82:69:D2:83)
hcitool scan
    • Pair the device. When requested, type a pin like 0000 and hit ENTER. If you are pairing a keyboard, type the PIN you have entered and hit ENTER on the keyboard you are pairing. If you are pairing a mouse, you also need to type a PIN of 0000 when requested and hit ENTER. This PIN might depends on the mouse manufacturer.
bluez-simple-agent hci0 75:EF:82:69:D2:83
    • Make the device trusted.
bluez-test-device trusted 75:EF:82:69:D2:83 yes
    • Connect the device. After a few seconds, your device will be usable.
bluez-test-input connect 75:EF:82:69:D2:83
  • Repeat the steps from “Make your Bluetooth device discoverable” if you need to install another device.
  • When you will reboot, the devices will reconnected automatically after a few seconds.

This procedure worked for the following devices:

  • Cambridge Radio Bluetooth dongle
  • Microsoft Bluetooth Mobile Keyboard 6000
  • Apple Bluetooth Keyboard (iPad keyboard)
  • HipStreet mini bluetooth keyboard
  • Merkury iPad keyboard
  • RocketFish Bluetooth Mouse
  • Razer Orochi Mouse
  • iPazzPort Bluetooth (Model KP-810-10BTT)
  • Ultra eXo mini keyboard/touchpad

How To Setup A Protected Wireless Connection Via the Command-Line

1 Comment

Setting up a wireless connection via the command line may vary depending on the USB Wireless Interface you are using. These instructions also work for the Raspberry PI running Wheezy. You must be root in order to carry out these instructions.

Make sure that your wireless interface is recognized.

lsusb

Find your wireless interface name (usually wlan0).

ifconfig

Make sure that your network is visible asssuming the ESSID is broadcasted. Replace wlan0 by you wireless interface name.

iwlist wlan0 scan

or

iwlist wlan0 scan | grep ESSID

Prepare your wireless configuration file. It will wait for you to type in your wireless network password. Enter your wireless network password an hit ENTER.

wpa_passphrase Replace-with-your-ESSID > wpa.conf

Find out which wireless driver you are using. The drivers are listed in the drivers section. The driver you are using is usually labelled “Linux wireless extensions”. The driver name is most of the time wext.

wpa_supplicant --help

Initialize the wireless interface. Make sure you replace wpa.conf, wext and wlan0 with the values related to your environment. Some error messages may be displayed. These errors might not prevent your wireless connection from working.

wpa_supplicant -Dwext -iwlan0 -cwpa.conf -B

You can check if your wireless interface is properly initialized.

iwconfig

Issue this command to get an IP address assuming you are using DHCP.

dhclient wlan0

You can install wpa_passphrase and wpa_supplicant is they are not already on your system by issuing the command

apt-get install wpasupplicant
Blue Taste Theme created by Jabox